Payment card industry
Encyclopedia
The payment card industry (PCI) denotes the debit
, credit
, prepaid
, e-purse, ATM
, and POS
cards and associated businesses.
The term is sometimes more specifically used to refer to the Payment Card Industry Security Standards Council, a council originally formed by American Express
, Discover Financial Services
, JCB
, MasterCard Worldwide
and Visa International on Sept. 7, 2006, with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard
. The council itself claims to be independent of the various card vendors that make up the council.
The PCI Council formed a body of security standards known as the PCI Data Security Standards, (PCI DSS
), and these standards consist of 12 significant requirements including multiple sub-requirements which contain numerous directives against which businesses may measure their own payment card security policies, procedures and guidelines. By complying with qualified assessments (see QSA
) of these standards, businesses can become accepted by the PCI Standards Council as compliant with the 12 requirements, and thus receive a compliance certification and a listing on the PCI Standards Council website. Compliance efforts and acceptance must be completed on a periodic basis. (See PCI DSS
.)
When the acronym PCI is listed within job requirements, it most frequently refers the many disciplines of managing the PCI compliance effort within the applicable business entity.
The PCI Council compliance within any card handling business's security process can be considered part of inter-related disciplines of governance, risk, and compliance (GRCM
), as well as part of information security
.
Association is Canada's national organization linking Financial Institutions and enterprises that have proprietary networks, to enable communication with each other for the purpose of exchanging electronic financial transactions. The Association was founded in 1984 by the big five banks. Today, there are over 80 members. The Interac Association is the organization responsible for the development of Canada's national network of two shared electronic financial services: Shared Cash Dispensing (SCD) for cash withdrawals from any ABM not belonging to a cardholder's financial institution; and Interac Direct Payment (IDP) for Debit Card payments at the Point-of-Sale
Debit
Debit and credit are the two aspects of every financial transaction. Their use and implication is the fundamental concept in the double-entry bookkeeping system, in which every debit transaction must have a corresponding credit transaction and vice versa.Debits and credits are a system of notation...
, credit
Credit (finance)
Credit is the trust which allows one party to provide resources to another party where that second party does not reimburse the first party immediately , but instead arranges either to repay or return those resources at a later date. The resources provided may be financial Credit is the trust...
, prepaid
Stored-value card
A stored-value card refers to monetary value on a card not in an externally recorded account and differs from prepaid cards where money is on deposit with the issuer similar to a debit card...
, e-purse, ATM
Automated teller machine
An automated teller machine or automatic teller machine, also known as a Cashpoint , cash machine or sometimes a hole in the wall in British English, is a computerised telecommunications device that provides the clients of a financial institution with access to financial transactions in a public...
, and POS
Point of sale
Point of sale or checkout is the location where a transaction occurs...
cards and associated businesses.
The term is sometimes more specifically used to refer to the Payment Card Industry Security Standards Council, a council originally formed by American Express
American Express
American Express Company or AmEx, is an American multinational financial services corporation headquartered in Three World Financial Center, Manhattan, New York City, New York, United States. Founded in 1850, it is one of the 30 components of the Dow Jones Industrial Average. The company is best...
, Discover Financial Services
Discover Card
The Discover Card is a major credit card, issued primarily in the United States. It was originally introduced by Sears in 1985, and was part of Dean Witter, and then Morgan Stanley, until 2007, when Discover Financial Services became an independent company. Novus, a major processing center, used to...
, JCB
Japan Credit Bureau
Japan Credit Bureau is a credit card company based in Tokyo, Japan. Its English name is .Founded in 1961, JCB established dominance over the Japanese credit card market when it purchased Osaka Credit Bureau in 1968, and its cards are now issued in 20 different countries...
, MasterCard Worldwide
MasterCard
Mastercard Incorporated or MasterCard Worldwide is an American multinational financial services corporation with its headquarters in the MasterCard International Global Headquarters, Purchase, Harrison, New York, United States...
and Visa International on Sept. 7, 2006, with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard
PCI DSS
The Payment Card Industry Data Security Standard is an information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards....
. The council itself claims to be independent of the various card vendors that make up the council.
The PCI Council formed a body of security standards known as the PCI Data Security Standards, (PCI DSS
PCI DSS
The Payment Card Industry Data Security Standard is an information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards....
), and these standards consist of 12 significant requirements including multiple sub-requirements which contain numerous directives against which businesses may measure their own payment card security policies, procedures and guidelines. By complying with qualified assessments (see QSA
Qualified Security Assessor
The Payment Card Industry Qualified Security Assessor designation is conferred by the to those individuals that meet specific information security education requirements, have taken the appropriate training from the PCI Security Standards Council, are employees of an , and will be performing PCI...
) of these standards, businesses can become accepted by the PCI Standards Council as compliant with the 12 requirements, and thus receive a compliance certification and a listing on the PCI Standards Council website. Compliance efforts and acceptance must be completed on a periodic basis. (See PCI DSS
PCI DSS
The Payment Card Industry Data Security Standard is an information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards....
.)
When the acronym PCI is listed within job requirements, it most frequently refers the many disciplines of managing the PCI compliance effort within the applicable business entity.
The PCI Council compliance within any card handling business's security process can be considered part of inter-related disciplines of governance, risk, and compliance (GRCM
GRCM
GRCM refers to the measures, mechanisms and processes in operation within an organisation with the objective of managing Governance, Risk Management and Compliance.-Governance, Risk & Compliance Management:...
), as well as part of information security
Information security
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction....
.
Interac Association
The InteracInterac
Interac Association is a Canadian organization linking enterprises that have proprietary networks so that they may communicate with each other for the purpose of exchanging electronic financial transactions. The Association was founded in 1984 as a cooperative venture between five financial...
Association is Canada's national organization linking Financial Institutions and enterprises that have proprietary networks, to enable communication with each other for the purpose of exchanging electronic financial transactions. The Association was founded in 1984 by the big five banks. Today, there are over 80 members. The Interac Association is the organization responsible for the development of Canada's national network of two shared electronic financial services: Shared Cash Dispensing (SCD) for cash withdrawals from any ABM not belonging to a cardholder's financial institution; and Interac Direct Payment (IDP) for Debit Card payments at the Point-of-Sale
See also
- Data Loss Prevention
- PCI DSSPCI DSSThe Payment Card Industry Data Security Standard is an information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards....
- GRCMGRCMGRCM refers to the measures, mechanisms and processes in operation within an organisation with the objective of managing Governance, Risk Management and Compliance.-Governance, Risk & Compliance Management:...
- Card Payment Software ComparisonCard Payment Software ComparisonA comparison of notable Payment card industry software.-External Links:*ACI Worldwide BASE24*Compass Plus Tranzware*ElectraCard Services electraEFT*BPC Banking Technologies SmartVista*Euronet Worldwide ArkSys*...
Payment card industry
- PCI Security Standards Council, the organization responsible for the development, enhancement, storage, dissemination and implementation of security standards for account data protection.
- The European Payment Council (EPC) is the decision-making and coordination body of the European banking industry in relation to payments.
- PCI Security Standards Council Participating Organizations
EMV
- EMVCo, the organisation responsible for developing and maintaining the EMV standard
- Chip and PIN, site run by the UK Payments Administration (UKPA), the UK's central co-ordinating authority for the implementation of EMV
- Migration 2 Chip, The Migration 2 Chip Program