The Storage of Credit Card Information
- The Payment Card Industry Data Security Standards Council (PCI DSS) is committed to the protection of credit card information. PCI DSS is an industry-wide organization that sets rules and regulations for businesses that accept credit cards. Members of the organization are required to apply the council's security standards in order to prevent identity theft and credit card fraud.
- Merchants who process over 6 million yearly transactions must receive network scans from an independent auditor every 3 months. If guidelines are not correctly followed and credit card information is lost or stolen, the company can lose its right to process credit card transactions.
- Companies are required to keep customer credit card information on file for only a limited period and to have security procedures in place for its removal. Information such as the CVC code (the last 3 numbers on the back of the credit card) and the PIN is prohibited from being stored. There are financial penalties if such information is stolen from a merchant.
- Businesses should protect their customers' credit card information by conducting regular security checks. The organization highly recommends hiring experts to test the security of the credit card processing and storage systems. Following the discovery of any lapses, a business should immediately implement new measures to tighten security.