PCI DSS and Card Brands: Standards, Compliance and Enforcement

By: Donna L. Wilson | Ethan D. Roman | Ingrid Beierly
– Cyber Security: A Peer-Reviewed Journal

The payment card industry and the major card brands maintain a set of data security requirements, the Payment Card Industry Data Security Standard (PCI DSS), that is not regulated by any government; nonetheless, every company worldwide that accepts, processes, stores or transmits credit card information must comply with it and follow the card brands’ rules. Failure to do so can result in penalties imposed by the card brands or, for businesses, the loss of the ability to accept credit cards. Because of these potential consequences, understanding and complying with the PCI DSS is critical. This paper introduces the history of the PCI DSS, defines its commonly used terms, introduces the high-level requirements entities must follow to be compliant and to certify their compliance, and reviews the litigation landscape as it relates to PCI.