Why do we need PCI DSS compliance?
The transition of money from paper to plastic has made our lives much easier; however, this changeover also comes at a price. Attackers practice various fraudulent activities, which may put sensitive customer data at risk. Customers can suffer significant loss and inconvenience if data is stolen from the card. The Payment Card Industry Data Security Standard (PCI DSS) was created to increase controls around cardholder data and so reduce credit card fraud resulting from its exposure.
Today’s speaker, Mr Nitin Bhatnagar, Head of Business Development at SISA Information Security, aimed to spread awareness about the importance of PCI DSS. Any merchant or entity storing, processing and/or transmitting cardholder data needs to be PCI DSS compliant. This security standard is managed by the PCI Security Standards Council (PCI SSC), which was founded by American Express, Discover, JCB, Mastercard and Visa. The PCI DSS specifies 12 requirements for compliance. An important requirement among them is to “protect stored cardholder data”. This can be achieved through encryption, truncation, masking or tokenization. Being compliant with PCI DSS means that you are doing your very best to keep your customers’ valuable information safe and secure and out of the hands of people who could use that data in a fraudulent way. Not holding on to data reduces the risk that your customers will be affected by fraud.
We need to understand that no mode of payment can be made 100% secure; however, with the help of PCI DSS, customer data is less likely to be breached by an attacker.
Vinay Hira
Web and Media Committee (MBA 14-16)