What is PCI DSS?
Like many organisations regulated in their respective fields, card acquirers, such as Barclaycard, are members of Card Schemes such as VISA and MasterCard. At the end of 2004, Visa and MasterCard aligned their respective security and data protection programmes to improve security at an industry level – creating the Payment Card Industry Data Security Standard (PCI DSS). The Payment Card Industry Standard Security Council (PCI SSC) was then created, and the PCI SSC now defines the standard. PCI DSS is a worldwide programme, also endorsed by Amex, Diners and JCB.
PCI DSS is not a standard for standard's sake; it is a collection of good standard data security practices that any organisation should already have in place. It just happens to focus specifically on cardholder data. You may find that you are already a long way towards fulfilling the requirements of the standard. PCI DSS is about preventing card payment information held by merchants, or their third parties, from being used fraudulently, and about avoiding all the consequential financial and reputational losses associated with this.
If you want to access the detailed standard, please visit the PCI Standard Security Council site.
Barclaycard began a PCI DSS-related communication programme in 2007 and has sent many letters and leaflets, included inserts with statements, placed messages on statements and asked a partner company to email and call merchants, in an effort to communicate the requirements to all merchants.