Payment security is paramount for every merchant, financial institution or other entity that stores, processes or transmits cardholder data.
The PCI Data Security Standards help protect the safety of that data. They set the operational and technical requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.
Maintaining payment security is serious business. It is vital that every entity responsible for the security of cardholder data diligently follows the PCI Data Security Standards.
If you accept or process payment cards, the PCI Data Security Standards apply to you.
These standards cover technical and operational system components included in or connected to cardholder data.
The PCI PIN Transaction Security Requirements (called PCI PTS) are focused on characteristics and management of devices used in the protection of cardholder PINs and other payment processing related activities. Manufacturers must follow these requirements in the design, manufacture and transport of a device to the entity that implements it.
Financial institutions, processors, merchants and service providers should only use devices or components that are tested and approved by the PCI Council.Approved PIN Devices
The Payment Application Data Security Standard is for software vendors and others who develop payment applications that store, process or transmit cardholder data and/or sensitive authentication data, for example as part of authorization or settlement when these applications are sold, distributed or licensed to third parties.
Most card brands encourage merchants to use payment applications that are tested and approved by the PCI Council.Validated Payment Applications
A comprehensive set of security requirements for point-to-point encryption solution providers, this PCI standard helps those solution providers validate their work. Using an approved point-to-point encryption solution will help merchants to reduce the value of stolen cardholder data because it will be unreadable to an unauthorized party. Solutions based on this standard also may help reduce the scope of their cardholder data environment – and make compliance easier.
Point-to-Point Encryption is a cross-functional program that results in validated solutions incorporating many of our various security standards.Validated Solutions
A model framework for security, the PCI Data Security Standard integrates best practices forged from the years of experience of security experts around the world.
The standard works for some of the world’s largest corporations. And it can work for you.