What is the Payment Card Industry (PCI) Data Security Standard?
The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The standard was created to help organizations prevent credit card fraud when they’re processing payments online through increased controls around data and its exposure to compromise. The PCI DSS applies to all organizations that hold, process, or pass a credit card holder’s information online.
Before the PCI DSS was implemented, there were five separate standards—Visa’s Card Information Security Program, MasterCard’s Site Data Protection, American Express’s Data Security Operating Policy, Discover’s Information and Compliance, and JCB’s Data Security Program. The five companies’ standards were all relatively similar, and they each created an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process, and transmit cardholder data. Then in December 2004, the PCI SSC was officially formed when Visa, MasterCard, American Express, Discover, and JCB aligned their individual policies to create the PCI DSS.
As an organization handling a large volume of credit card transactions, GlobalDMS is subject to routine evaluations by independent assessors and is required to have certain safeguards in place to remain PCI compliant. As part of our mandate to remain PCI compliant and to adhere to the current security regulations, we will be making certain changes to our software.
1) Global DMS will now mask all but the last four digits of a credit card when it’s displayed in the system. For example, when a credit card is automatically processed after a client places an order, the staff user will now only see the last four digits of the credit card number when they access the payment page. The first 12 numbers of the card will appear as asterisks (*).
2) Global DMS will no longer store the CVV code regardless of whether the credit card has been processed or not. The user will now always be prompted to enter this information.
Important: If you are a current client, please review the changes above to determine whether any of your internal processes will need to be updated. These changes took effect on September 6th, 2012, and if you have any questions or concerns, please feel free to contact us at 877-866-2747 Ext. 3 or at email@example.com.