Payment Card Industry

Organizations collecting and protecting cardholder data face an array of regulatory challenges. The PCI Security Standards have been mandated by major credit card providers and is intended to protect cardholder data. Standards including the PCI Data Security Standard (PCI DSS), the Payment Application Data Security Standard (PA-DSS), the Point-to-Point Encryption (P2PE) requirements, and the Experian Independent 3rd Party Assessment (EI3PA) requirements impact how organizations manage, transmit, and safeguard payment information and cardholder data.

The 6 main objectives for PCI include:

  • Building and maintaining a secure network for processing cardholder data
  • Protecting cardholder data both in transit and at rest
  • Defining and maintaining a vulnerability management program
  • Implementing strong access controls within the cardholder data environment
  • Monitoring and testing for network vulnerabilities
  • Maintaining an information security policy for corporate governance