Complying with PCI DSS
The PCI DSS (Payment Card Industry Data Security Standard) can be challenging for organisations. Created in 2006 to address credit card fraud, the standard has 12 requirements that roll up to six broad goals risk managers will recognise: ensure the network and systems are secure; protect cardholder data; maintain a programme for managing risk; and establish strong controls around access to data, ongoing monitoring and testing, and an information security policy.
Protecting sensitive financial data can be burdensome. Data breaches involving customer credit card data are often high-profile, erode customer trust, and damage a company's hard-earned reputation. Additionally, many digital credit card payment processes involve one or more third parties, for services such as money transfers or mobile payments, and the organisation remains responsible for those parties' compliance with PCI DSS as well. Risk and compliance managers need to systematise the increasingly complex, high-stakes process of keeping financial data private.