What is the Payment Card Industry (PCI) Data Security Standard (DSS)?

The PCI Data Security Standard represents a common set of industry tools and measurements to help ensure safeguard confidential information such as card numbers and expiration dates which can then be used for fraud.  What are the consequences to my business if I do not comply with the PCI DSS?

If you are breached you could be subject to significant fines and card replacement costs. For example, a merchant storing 100 cards monthly could have 3,600 card numbers after just three years. If the fine and card replacement cost for each compromised card was only $10, then the potential loss could be $36,000 plus other costs for actual losses on individual card accounts and legal fees. For more specific information, please contact the individual payment card brands. American Express DSOP http://www.americanexpress.com/datasecurity Discover http://discovernetwork.com/fraudsecurity/disc.html JCB http://www.jcb-global.com/english/pci/index.html MasterCard http://www.mastercard.com/sdp Visa CISP http://www.visa.com/cisp

What is the definition of "merchant"? For the purposes of the PCI DSS, a merchant is defined as any entity that accepts payment cards bearing the logos of any of the five members of PCI SCC (American Express, Discover, JCB, MasterCard or Visa) as payment for goods and/or services. Can the full credit card number be displayed within a browser window? PCI DSS requirement 3.3 requires that the PAN be masked when it is displayed (for example, on screens, logs, reports, reciepts), unless the viewing party has a specific need to see the full card number. For more information: https://www.pcisecuritystandards.org/hardware_software/ In the event of a breach. 1. IDENTIFY Identify the attack vector and immediately terminate. 2. NOTIFY Contact your processor immediately. 3. QUANTIFY Visa may require a Payment Card Industry Forensic Investigator (PFI) to conduct a forensic investigation. 4. RECTIFY Immediately Implement PCI DSS solutions to correct the problem. For more information: https://usa.visa.com/dam/VCOM/download/merchants/cisp-what-to-do-if-comp... http://www.mastercard.com/us/merchant/pdf/Account_Data_Compromise_User_G...