Payment Card Industry - Security Standards Council
The payment card industry (PCI) denotes the debit, credit, prepaid, e-purse, ATM, and POS cards and associated businesses.
The term is sometimes more specifically used to refer to the Payment Card Industry Security Standards Council, a council originally formed by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International on Sept. 7, 2006, with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard. The council itself claims to be independent of the various card vendors that make up the council.
The PCI Council formed a body of security standards known as the PCI Data Security Standards, (PCI DSS), and these standards consist of 12 significant requirements including multiple sub-requirements which contain numerous directives against which businesses may measure their own payment card security policies, procedures and guidelines.
By complying with qualified assessments (see QSA) of these standards, businesses can become accepted by the PCI Standards Council as compliant with the 12 requirements, and thus receive a compliance certification and a listing on the PCI Standards Council website. Compliance efforts and acceptance must be completed on a periodic basis. (See PCI DSS.)
When the acronym PCI is listed within job requirements, it most frequently refers the many disciplines of managing the PCI compliance effort within the applicable business entity.
The PCI Council compliance within any card handling business' security process can be considered part of inter-related disciplines of governance, risk, and compliance (GRCM), as well as part of information security.
Payment Card Industry - Security Standards Council information security certifications -
Check out PCI SSC Security Certifications @ www.pcisecuritystandards.org