The Payment Card Industry Data Security Standard (PCI DSS) establishes standard requirements protecting cardholder information. It applies to all entities that store, process, or transmit cardholder data, such as retail merchants, payment processors, and banks.
PCI DSS took effect in January 2005 after being co-written by VISA and MasterCard and endorsed by other leading card providers. It was created as part of a long-term effort to restore consumer confidence after a string of high-profile events regarding insider theft and poor security processes.
This white paper discusses the challenges of meeting PCI DSS compliance, as well as the ways in which organizations can leverage that work to provide better security, more easily meet future compliance requirements, and create operational efficiencies within their IT organization.