PCI Data Security Standard

The Payment Card Industry Data Security Standard (PCI-DSS) provides a best practice framework for developing a payment card data security process. This includes requirements covering the prevention and detection of, and reaction to, security incidents.

The PCI-DSS is managed by the PCI Security Standards Council, a global forum established in 2006. Its founding members (American Express, Discover Financial Services, JCB, MasterCard and Visa) each recognise and accept the requirements of the Data Security Standard. The Standard represents an effort by the industry to tackle identity theft and online fraud.

Representing a common set of industry tools and measurements to help ensure safe handling of sensitive information, the Standard provides a framework for developing a robust data security process.

This includes the prevention and detection of, and timely reaction to, security incidents.

Do I need to comply with the PCI DSS?

If you are an organisation that accepts payment cards and stores, processes and/or transmits cardholder data, then you need to comply with the Standard. This covers a number of organisation types, including resellers, web hosting providers, card processing bureaux, data storage entities and payment service providers.

This global data security standard applies to businesses of any size, including smaller merchants. It offers steps that reflect best security practices, helping you make sure that your systems are secure and that customers will trust you with their payment card data.

The Standard comprises 12 general requirements based around the need to Assess, Remediate and Report:

  • Assess your organisation’s IT assets and processes used for payment card processing and then analyse any system weaknesses.
  • Remediate in order to fix identified vulnerabilities.
  • Report the steps taken to fix any identified problems to the acquiring bank and payment brands that you do business with.

These three steps form an ongoing process which will help you comply with the requirements of the PCI Data Security Standard.

Your next step

LRQA can help you to achieve compliance with PCI requirements.

Call one of our business advisors on 0800 783 2179 or submit the enquiry form, and we will arrange for our PCI partners to contact you to discuss your options. They will advise on the process, and can even manage the whole of it for you if required, liaising with us throughout to ensure easy and hassle-free compliance.

23 February 2012

Lloyd's Register Quality Assurance
  The Lloyd’s Register Group comprises charities and non-charitable companies, with the latter supporting the charities in their main goal of enhancing the safety of life and property for the benefit of the public and, ultimately, the environment.

Lloyd's Register and LRQA are trading names of the Lloyd's Register Group of entities. Services are provided by members of the Lloyd’s Register Group. For further details please see http://www.lr.org/entities


© LRQA 2012. All rights reserved. Page last modified on 10 November 2011