PCI - the Payment Card Industry Data Security Standards


The PCI DSS is a set of comprehensive requirements for enhancing payment account data security, developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS must be met by all organizations (merchants and service providers) that transmit, process or store payment card data. The PCI DSS (sometimes referred to as a compliance standard) is not a law. It is a contractual obligation applied and enforced - by means of fines or other restrictions - directly by the payment providers themselves.

The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

Many organisations that are required to record telephone conversations also take credit card details over the phone from clients, and accordingly the recording and storage of this data can become a PCI compliance issue. It is a complicated subject, and the Storacall team will be pleased to discuss the issues and the solutions that can be offered. Further information on the PCI standards is available at: PCI info