Washington State University

PCI Data Security Compliance


The Payment Card Industry Security Standards Council (PCI SSC) is an open global forum, established in 2006, that develops, maintains and manages the PCI Security Standards.  The Standards include the Data Security Standard (DSS), the Payment Application Data Security Standard (PA-DSS) and PIN Transaction Security (PTS) requirements.   PCI Security Standards cover everything from the point of entry of card data into a system to how data is processed through secure payment applications.  The PCI SSC’s five founding global payment brands are American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc.   They have incorporated the PCI DSS as the technical requirements for their data security programs. 

The PCI SSC does not validate or enforce any merchant or service provider’s compliance with the PCI Security Standards, nor does it impose penalties for non-compliance.  Those areas are governed by the payment brands and their partners.  The PCI SSC is a centralized resource for access to the standards, supporting materials to enhance payment card data security and services approved by all five payment brands.  Supporting materials include a framework of specifications, tools, and measurements to help merchants and service providers ensure the safe handling of cardholder information. 

For merchants, the PCI DSS provides a framework for developing a comprehensive payment card data security process, including prevention, detection and appropriate reaction to security incidents. Tools to help merchants validate their PCI DSS compliance include Self-Assessment Questionnaires, Attestations of Compliance, Requirements and Security Assessment Procedures, and the PCI DSS Quick Reference Guide.

Device vendors and manufacturers look to the PTS requirements, which contain a single set of requirements for all personal identification number (PIN) terminals, including point of sale (POS) devices, encrypting PIN pads and unattended payment terminals.  A list of approved PIN transaction devices can be found at

www.pcisecuritystandards.org/approved_companies_providers/approved_pin_transaction_security.php

To help vendors and other service providers develop secure payment applications, the PCI SSC maintains the PA-DSS. A list of validated payment applications is maintained by the PCI SSC at

www.pcisecuritystandards.org/approved_companies_providers/vpa_agreement.php.

E-Commerce, PO Box 641025, Pullman, WA 99164-1025