Payment Card Industry, Data Security Standard (PCI DSS)
The objective of PCI DSS is to facilitate consistent and effective data security measures as well as greater accountability across all organisations that process credit card transactions. The PCI DSS was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International.
All organisations that process credit card transactions must comply with the PCI DSS from June 2007; there is no opt-out. The compliance rulesets vary according to the type of organisation and how many transactions are processed. Non-compliance can lead to a variety of penalties including fines.
PCI DSS Requirements
The PCI DSS includes 12 high-level requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. These are then broken down into very detailed implementation controls.
URM's Consultancy Services
URM is one of the UK's leading information security consultancy and training organisations, assisting customers to comply with and certify to national and international Standards.
URM is working with a number of high-profile organisations to help them achieve compliance with PCI DSS in the most efficient and cost-effective manner. Due to the urgent need to comply with the PCI DSS, these projects are often carried out against extremely tight deadlines.
Due to the relative immaturity of the PCI DSS there is some divergence of opinion in the market about how to interpret the Standard's 'Requirements'. URM's services are, therefore, focussed on ensuring that its customers are properly positioned for compliance based on the latest information from the PCI Security Standards Council. This will give customers greater confidence that they are following the correct compliance process.
