Once upon a time, people discovered that credit cards were a convenient, hassle-free way to pay for goods and services online. Unfortunately, at about the same time, criminals realized that there was a lot of money to be made through online credit card fraud.
In December 2004, the five major players in the credit card industry, Visa, MasterCard, American Express, Discover and JCB, decided to unite their forces to mitigate the growing threat of card fraud and cardholder data breaches. To achieve this ambitious goal, they decided to tackle information security, that is, the way cardholder information is processed, transmitted and stored, and they launched a new standard which they called the Payment Card Industry Data Security Standard, PCI DSS for short.
PCI DSS establishes a set of rules and requirements that every business that stores, processes or transmits cardholder data must respect. In other words, in this fairy tale, PCI DSS is one of the knights in shining armor that stand guard so that your clients don’t get defrauded, and so that credit card companies don’t experience preventable losses.
There are a bunch of very technical hoops that companies who choose to process credit cards must jump through, as well as external verifications to pass before they can be validated as PCI DSS compliant (a self-assessment questionnaire for smaller merchants, an on-site assessment by a Qualified Security Assessor for larger ones, and regular external vulnerability scans in both cases), but in essence they can be summed up by the following:
Their network and systems must be kept secure (firewalls around the cardholder data environment, no vendor default passwords, timely patching, access restricted to those who need it) and tested on a regular basis through vulnerability scans and penetration tests.
Cardholder data must be encrypted whenever it is transmitted over open or public networks, rendered unreadable (encrypted, truncated, tokenized or hashed) wherever it is stored, and masked when displayed, so that it is protected at all times. Sensitive authentication data such as the full magnetic stripe, the CVV and the PIN must never be stored after authorization, even encrypted.
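The storage rule above is easier to get right when the code that first touches a card number already throws away what it is not allowed to keep. The following is an added example, not code from the original post or from any PCI SSC material: it validates a primary account number (PAN) with the Luhn check, keeps only a keyed one-way token and a masked copy (first six and last four digits, the most PCI DSS permits to show), and never retains the CVV. The token key is a constructed constant so the script runs offline; in a real deployment it would come from an HSM or a secrets manager, and the names `ingest_card`, `StoredCard` and `TOKEN_KEY` are this example's own.

```python
"""Handling a card number the way PCI DSS expects an application to (added example).

Assumption: TOKEN_KEY is a constructed value for this demo. Never hard-code a real key;
fetch it from an HSM or secrets manager and rotate it under your key-management policy.
"""
import hashlib
import hmac
import re
from dataclasses import dataclass

# Constructed for the example only; see module docstring.
TOKEN_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)


def luhn_ok(pan: str) -> bool:
    """Luhn check: rejects typos and obviously bogus numbers before any network call."""
    checksum = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        checksum += d
    return checksum % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: at most the first six and last four digits, the rest masked."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_token(pan: str) -> str:
    """Keyed one-way hash (HMAC-SHA256) so the PAN can be matched later, e.g. for a refund,
    without the PAN itself ever being written to the database."""
    return hmac.new(TOKEN_KEY, pan.encode("ascii"), hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class StoredCard:
    """The only card-related fields this application persists after authorization."""
    token: str
    masked_pan: str
    expiry: str


def ingest_card(pan: str, expiry: str, cvv: str) -> StoredCard:
    """Validate the input, use it for authorization, and keep only what may be stored.

    The CVV is sensitive authentication data: it is checked for shape, would be sent
    to the acquirer over TLS, and is deliberately absent from the returned record.
    """
    pan = re.sub(r"\D", "", pan)             # strip spaces and dashes from user input
    if not 13 <= len(pan) <= 19 or not luhn_ok(pan):
        raise ValueError("invalid PAN")
    if not re.fullmatch(r"\d{3,4}", cvv):
        raise ValueError("invalid CVV")
    if not re.fullmatch(r"(0[1-9]|1[0-2])/\d{2}", expiry):
        raise ValueError("invalid expiry")
    # ... authorization request carrying pan/expiry/cvv would go out over TLS here ...
    return StoredCard(token=pan_token(pan), masked_pan=mask_pan(pan), expiry=expiry)


if __name__ == "__main__":
    # 4111 1111 1111 1111 is the well-known Visa test number, not a real card.
    card = ingest_card("4111 1111 1111 1111", "12/29", "123")
    print(card)        # token and masked PAN only; no full PAN, no CVV
```

Note that the hash alone is not enough if the same database also holds the masked PAN: PCI DSS treats a hash and a truncated copy of the same PAN as correlatable, which is why the keyed HMAC is used here rather than a plain SHA-256 and why the key must live outside the database.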