Payment Council Industry Data Security Standards

The security benefits associated with maintaining PCI compliance are vital to the long-term success of all merchants who process card payments. This includes continual identification of threats and vulnerabilities that could potentially impact the organization. Most organizations never fully recover from data breaches because the loss is greater than the data itself.” — Quick Service Restaurant (QSR) Magazine

Primary Task Response:

Following the Payment Council Industry Data Security Standards (PCI DSS) is just good business. Such standards help ensure healthy and trustworthy payment card transactions for the hundreds of millions of people worldwide that use their cards every day.

• Please define and describe the PCI DSS
• What are potential liabilities from not following PCI DSS?
• With regards to payment security:
  • What data are thieves after?
  • Where do thieves steal data?
  • What needs to be secured?

Answer preview

A person’s credit card information can be stolen without their credit card being stolen. Thieves are usually after personal information, such as one’s social security number, birth date, and mother’s maiden name in order to impersonate them. Thieves acquire this data by hacking into a company where one has used their credit card before or a company that handles credit card processing. They also use a small device that captures credit card information while swiping called a credit card skimmer. This is usually secretly put in place over the actual credit card swipe or they swipe credit cards twice, like in restaurants, and the second time using their own readers. Thieves can also get information through installing malware or viruses on someone’s computer or smartphone. Thieves design malware that is downloaded through email attachments or other programs downloaded online. This malware monitors sensitive activity and sends it back to the thief.

[613 Words]