What is the PCI (Payment Card Industry)?
The PCI (Payment Card Industry) is a sector within the financial industry that is responsible for all electronic payments. As purchases are completed through debit, credit, ATM, POS, prepaid and e-purse systems, sensitive financial data is constantly being transmitted to all parts of the world. As such, strict security measures must be outlined in order to protect all users engaging in non-cash exchanges of payment. Once this industry became a leader in the financial sector, the PCI established its main branch called the Security Standards Council. This council was founded by the leading financial corporations in order to regulate security measures for the electronic financial data involved within this industry.
How Does the PCI (Payment Card Industry) Work?
The PCI handles all the financial establishments and organizations that engage with the personal financial information of all types of electronic cardholders. Their ultimate objective is the continuation of virtual methods of payments, and transactions, while protecting users from the potential of fraud and theft. Within the PCI, the top financial institutions joined together as members which include Visa, Inc., American Express, Discover Financial Services, MasterCard and JCB International. Collectively these corporations established the PCI Security Standards Council to better identify and administer best practices for all organizations to comply with when engaging in the PCI.
PCI-SSC (Payment Card Industry Security Standards Council)
The major financial corporations worked to create the PCI-SSC (Payment Card Industry Security Standards Council) which stands as an independent entity from the top brands. This council works alongside organizations of all sizes and enterprises that deal with payment cards of any form. In essence this council has identified two priorities that continue to shape its mission in protecting and serving all cardholders with their financial data.
- For Merchants: The PCI-SSC aims to provide standards for financial institutions and merchants of any size to ensure secure methods of payments for their organizations and their customers. With advancements made in technology, payment processes need to follow secure policies and practices to prevent any potential breach of the institutions data or that of the cardholders.
- For Vendors: Large innovative vendors have established their ability to provide cardholder’s with efficient ways of processing payments. Along with these promising payment solutions, the PCI-SSC creates standards of practice that assist vendors to create new methods of secured payment processing.
PA-DSS (Payment Application Data Security Standard)
Within the PCI-SSC, an additional body was formed to assist in the development of payment applications in compliance with the council. The Payment Application Data Security Standard (PA-DSS) was established to assist vendors in creating payment softwares that maintain the council’s high level of security and protection. While various payment solutions can be created, in order for them to be active they must be audited by an assessor from the PA-DSS and fulfill all the security requirements. When considering that the payment software created will serve as a third party application, the PCI-SSC must diligently verify it’s full capacity to process and secure the data of all cardholders.