Crypto Complete - PCI Compliance
The Payment Card Industry (PCI) is a coalition of credit card companies including American Express®, Discover®, MasterCard® and Visa®. The PCI has created a Data Security Standard (PCI DSS) which details the security requirements for credit card merchants, service providers and processors. Any organization that stores, processes or transmits cardholder data is required to comply with the PCI DSS.
If cardholder data is accessed by unauthorized individuals, an organization may be subject to the following liabilities and fines associated with non-compliance with PCI DSS:
• Punitive fines for non-compliance with PCI DSS.
• All fraud losses incurred from the use of the compromised account numbers from the date of the compromise forward.
• Cost of re-issuing cards associated with the compromise.
• Cost of any additional fraud prevention/detection activities required.
• Potentially the revocation of an organization’s merchant account, resulting in its inability to process future credit card transactions.
In response to the increasing number of cases of stolen and lost cardholder data, the PCI DSS has been enhanced with stringent security requirements. To view the latest version of the PCI DSS, visit http://www.pcisecuritystandards.org.
The PCI has also developed a helpful self-assessment questionnaire, available at http://www.pcisecuritystandards.org. This questionnaire will help an organization determine how well it is complying with the PCI DSS.
Sections 3.4, 3.5, 3.6 and 10.0 of the PCI Data Security Standard (DSS) focus on the cryptology and key management requirements for organizations.
Crypto Complete will help your organization comply with the PCI DSS through its integrated key management solution and strong IBM i (iSeries) field encryption / backup encryption features. If you would like to review our White Paper on PCI Compliance specific to Crypto Complete, please send an email to email@example.com with your request.