PCI DSS: Protecting Card-Holder Data
In July 2005, hackers stole information from more than 45 million credit and debit cards by breaching the data security system at discount retailer T.J. Maxx. The breach did not become publicly known until a year and one-half later. When all is said and done, the theft is likely to cost the company around $5 billion.
Experts say that the retailer’s own disclosures revealed flaws in its data security, from failure to encrypt information properly to holding on to data after it should have been deleted.
Companies that process, store, and/or transmit payment card data can-and must-protect themselves and their customers from hack jobs like the one that will cost T.J. Maxx billions and put their customers at risk of identity theft.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements for boosting payment account data security. The Standard is comprehensive, with requirements ranging from network architecture to policies and procedures.
The PCI DSS was developed by the Payment Card Industry Security Standards Council, which was established by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc, and updated on October 1, 2008. Compliance ...