Michigan Technological University

Information Security

Information Security Program

Overview of Payment Card Industry Data Security Standards (PCI DSS)

Almost daily, thefts of identities and personal information are reported in the news. As of December 29, 2009, the Identity Theft Resource Center (a nonprofit dedicated exclusively to the understanding and prevention of identity theft) documented 492 paper and electronic breaches, exposing over 222 million records. Each year this number increases, and while not all breaches involved credit card data, each breach involved an event where an individual's personal data was exposed.

Over the past several years, the secure handling of credit card data has been a growing concern of businesses and customers. When our customers offer their bankcard at the point of sale, over the internet, on the phone, or through the mail, they need assurance that their account information is safe. In response to this need, the Payment Card Industry Data Security Standards (PCI DSS) were developed to ensure that industry members, merchants, and service providers maintain the highest information security standards.

The Payment Card Industry Data Security Standards (PCI DSS) represent a common set of technical requirements and testing methodologies created to help ensure the safe handling of sensitive information. The standard was initially created to align the separate security programs of MasterCard and Visa, and was later adopted by other major card programs. In 2006, the PCI Security Standards Council was created to govern the security standards for the payment industry. Founding members of the council included American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International.

Compliance with the PCI Data Security Standard is required to accept major credit cards for business transactions on campus. PCI DSS defines protected customer financial information, and establishes security best practices to safeguard that information. Expensive fines may result from mishandling of financial data, as well as potential revocation of credit card processing services. All Michigan Tech merchants, i.e. units and departments that accept credit card payments, must comply with PCI DSS requirements.


Information Technology Services
and Security (ITSS)

EERC Building, Basement
1400 Townsend Drive
Houghton, Michigan 49931-1295

Ph. 906-487-0010
Email: security@mtu.edu
