2018-05-09 12:00:35 | Finance and Accounting | English | https://quickbooks.intuit.com/ca/resources/finance-accounting/pci-compliance-explanation/

What Is PCI Compliance?


PCI compliance means following a set of guidelines designed to protect customer credit card and debit card information. The guidelines apply to merchants and to anyone else handling customer credit card information.

In September 2006, the major credit card companies (Visa, Mastercard, American Express, Discover, and JCB) created an independent body called the Payment Card Industry Security Standards Council (PCI SSC) to address the rapid changes in the payment card industry, improve security, and protect customer information.

The Council came up with the Payment Card Industry Data Security Standards, a set of rules that applies to all companies that handle, accept, process, or have any contact with customer payment card information. In all, there are 12 standards divided into 220 sub-standards that are grouped into six groups. The standards require these companies to maintain a secure environment and store data on a secure server. Companies using the internet must choose a PCI-compliant host.

In addition to administering and updating the PCI standards, the PCI SSC has been vocal in supporting the move toward payment cards with encrypted chips for storing customer data. The old method of using magnetic stripes did not encrypt data, which made it easy for cyberthieves to skim the data and encode it onto new cards that pass validation checks. The new chips are harder to read and much harder to duplicate. The Council has also established standards for wireless LAN and cloud-based transactions.

Despite these efforts, security breaches involving major retailers and credit bureaus, along with the theft of sensitive customer data, have led to criticism of the PCI Council and the standards. Critics charge that some groups of merchants receive preferential treatment even though these groups account for the majority of fraud cases, that the standards are difficult to understand and are unevenly applied, and that the agency is more interested in collecting fines than in protecting card information.

Information may be abridged and therefore incomplete. This document/information does not constitute, and should not be considered a substitute for, legal or financial advice. Each financial situation is different, and the advice provided is intended to be general. Please contact your financial or legal advisors for information specific to your situation.
