PCI/DSS


The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI-SSC).

The standard was created to help organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise.

The standard applies to all organizations which hold, process, or pass cardholder information from any card branded with the logo of one of the card brands.

Validation of compliance can be performed either internally or externally, depending on the volume of card transactions the organization handles. Regardless of the size of the organization, compliance must be assessed annually. Organizations handling large volumes of transactions must have their compliance assessed by an independent assessor known as a Qualified Security Assessor (QSA), while companies handling smaller volumes have the option of self-certification via a Self-Assessment Questionnaire (SAQ). In CloudCover's CRP analysis, these SAQs require sign-off by a QSA for submission before CloudCover will provision Cloud Data Insurance.

Compliance is enforced by the bodies holding relationships with the in-scope organizations. Non-compliant companies that maintain a relationship with one or more of the card brands, either directly or through an acquirer, risk losing their ability to process credit card payments globally and being audited and/or fined nationally.

CloudCover's CRP analysis provides PCI compliance + Cloud Data Insurance.
