The PCI DSS was established in December 2004 by five major card brands – Visa, MasterCard, American Express, Discover and JCB.
In 2006, the card brands formed the PCI Security Standards Council (PCI SSC), an independent council established to maintain and update the PCI standards. The PCI DSS is now on its 4th major release.
The standard was agreed by the major card brands as a common, consistent and secure minimum level of protection to be applied by all organisations that process, store or transmit cardholder data to safeguard payment card data and payment card customers. PCI DSS applies to card payments accepted in person, over the phone or online.
PCI DSS was developed in response to the ever-increasing impact and costs of payment card fraud. By 2004 annual fraud losses on UK-issued cards had reached £504.8 million, but by 2011 losses had dropped to £341.0 million despite the continuing growth of card use and transaction volumes¹.
A large part of this drop can be attributed to the improved data security practices implemented by merchants as they achieved PCI DSS compliance.
Benefits of certification:
PCI DSS Compliance reduces the risk of payment card fraud and ensures merchants protect their customers and their customers’ sensitive data.
PCI DSS Compliance means that customers and partners can trust the merchants to appropriately handle their payment card information; customer confidence in the merchant is increased. A confident customer is more likely to use and to return to that merchant’s services and is more likely to recommend their services to others.
PCI DSS Compliance enhances a merchant’s reputation amongst their peers, with acquirers and with the card brands.
PCI DSS is a data security standard, so compliance also means that the merchant’s systems are more secure, that security risks beyond those specific to cardholder data are reduced, and that other information security regulations and standards can be complied with more easily.
Merchants may use PCI DSS as the basis for a comprehensive Information Security Management System for their organisation.