At the end of this year, the Payment Card Industry Data Security Standard (PCI DSS) is expected to get an upgrade to version 4.0. It has been around since 2001 and isn’t getting as much attention in the news as newcomers like the European General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).
PCI DSS is still very much relevant, and it applies to every company that accepts card payments, both online and offline. Here are the questions that CSOs are most likely to face when it comes to PCI.
What is PCI DSS?
PCI DSS is a standard backed by all the major card brands and payment processors that is designed to protect credit card numbers. It specifies a set of cybersecurity controls and business practices and requires either self-assessments or external audits. The degree of reporting required depends on the company's size.
“The benefit to the merchant, service provider and their customers is an increased focus on data security,” says David Ames, principal in the cybersecurity and privacy practice at PricewaterhouseCoopers.