Payment Card Industry Data Security Standards (PCI-DSS) Guide for Contact Center Managers, Sponsored by KnoahSoft
By Donna Fluss
Credit and debit cards (payment cards) are the most common form of debt payment. According to the U.S. Census Bureau, there were 1.42 billion payment cards in the United States in 2000 and 1.48 billion in 2006 [1]. Furthermore, the same Census Bureau data projects that the total amount of annual commerce paid for with payment cards will reach $2.8 billion in 2010. Keeping the data stored on payment cards secure is a significant problem facing businesses globally. Companies risk considerable financial penalties and sometimes irreparable damage to their reputation when data breaches occur. For example, in March 2007, TJX, the parent company of TJ Maxx, Marshalls, and Bob’s Store, reported that over several months more than 46 million credit and debit card numbers were stolen as a result of data security breaches. The company settled the related lawsuits for $9.73 million. More damaging is the unknown amount of business TJX lost due to the theft.
National, state and local governments require companies to safeguard consumer information, including the information on payment cards. In response, the largest payment card brands established the Payment Card Security Council and the Payment Card Industry Data Security Standard (PCI-DSS). This standard is a set of voluntary requirements and provides common benchmarks for payment card issuers, processors and merchants with regard to payment card data security. PCI-DSS is an international standard accepted in markets throughout North America, Europe and Asia. It covers areas such as data center security, protection of data during transmission, and standard operating procedures. While the standard is widely accepted by the credit card companies, there is still significant confusion in many companies that handle credit card payments about what PCI compliance means and exactly how it applies to them.