WHAT IS PCI?
The PCI Data Security Standard (PCI DSS) applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational practices for system components included in or connected to environments with cardholder data. If you accept or process payment cards, PCI DSS applies to you.
WHO HAS TO COMPLY WITH THESE STANDARDS?
Each of PCI SSC’s founding payment brand members (American Express, Discover, JCB International, MasterCard and Visa) currently has its own PCI compliance program for the protection of its affiliated payment card account data. Entities should contact us directly for information about these compliance programs.
WHAT TYPES OF SECURITY THREATS EXIST?
Criminals can gain access to your systems that store, process, or transmit payment data through weak remote access controls. Your payment terminal vendors, for example, may use remote access to support your terminal or to deliver a software update; if that access is protected only by default, shared, or weak credentials, criminals can use the same path.
Criminals use malicious software to infiltrate a computer system and steal payment data. Ransomware is the fastest-growing malware threat.
More than 80% of hacking-related breaches involve stolen and/or weak passwords (Verizon 2017 DBIR).
Phishing emails are a common delivery vehicle for malware. These emails look legitimate, such as an invoice or electronic fax, but they include malicious links and/or attachments that can infect your computer and network.
Criminals look for outdated software to exploit flaws in unpatched systems.
Criminals attach small hardware "skimming devices" to card readers, which can capture customer payment data when customers use payment cards at your store. Criminals use the stolen data to create counterfeit cards and make illegal purchases.