When something new is started, especially in commerce, there’s a correlating, powerful force that quickly follows.
Do you know what it is?
If you said REGULATION, give yourself a pat on the back.
Regulation can be either a dirty word or a helpful tool, depending on your perspective. When it comes to regulating online commerce, we think it can be helpful.
The primary reason is that the advent of the new commerce we’re talking about, online purchases with credit cards, has been consistently exploited by cyber thieves. It creates a need for security measures and standards to protect sensitive data to combat theft and losses, as well as a neutral third party to oversee those.
When it comes to merchants who accept, store, transmit or process credit card information, keeping cardholder data safe and secure has been a decades-long process to get to the “Payment Card Industry” (PCI) compliance we know today as the PCI Data Security Standards (PCI DSS).
These standards arose out of the PCI Security Standards Council, founded by American Express, Discover Financial Services, JCB International (a Japanese credit card company, MasterCard and Visa Inc., in 2006. The five companies serve as equal stakeholders in overseeing and carrying out the council’s work.
This organization was preceded by attempts by companies, including Visa, to enforce security guidelines even as cyber attacks proliferated, according to TechTarget.
An independent organization, the PCI SSC formed to “develop, enhance, disseminate and assist with the understanding of security standards for payment account security,” according to the council.
The council is responsible for maintaining, advancing and promoting PCI security standards. A critical element of the council’s mission includes providing training and education, as well as product certification programs.
The council effectively works to assist merchants and financial institutions in understanding and deploying standards for “security policies, technologies and ongoing processes that protect their payment systems from breaches and theft of cardholder data.”
In addition, the council’s role is to assist vendors in understanding and putting into practice the standards that create secure payment solutions.
There’s also Qualified Security Assessors and Approved Scanning Vendors that are qualified by the PCI SSC to audit vendors.
ZZ Servers, a PCI Level 1 Service Provider provides custom engineered solutions for business that need to comply with PCI, providing the highest levels of security, stability and reliability.
There are only 363 Qualified Security Assessors around the world, according to the PCI Security Standards Council. Founding partner David Zendzian a former QSA is intimately familiar with these requirements. As a result, all of our infrastructure is built with auditors in mind and for the protection and peace of mind of our clients.
For more information on this topic, we’ve included a couple of links to some background on the PCI DSS standards and the PCI Security Standards Council website.
PCI Security Standards Council — https://www.pcisecuritystandards.org
Search Security’s timeline of the PCI DSS standards — http://bit.ly/2bfkZgQ