Well, first things first…
In the beginning, all big five payment card brands had their own security programs. The five brands are: Visa, MasterCard, American Express, Discover and JCB. They all wanted to accomplish the same thing, which was to create an additional layer of defense for their customers and to limit their liability for credit card data theft.
Soon enough, all of the big five brands realized that this should be a joint effort, thus the PCI Security Standards Council (SSC) was formed.
Soon thereafter, the PCI Data Security Standard (DSS) was created by the council and was based on all security programs and requirements of the big five brands. The first published version of the PCI DSS was issued on September 15th, 2004.
Subsequently, two updated versions were issued: version 1.1, released in September 2006, and version 1.2, recently released in October 2008.
Now that we’ve got that out of the way, we can start answering the second part of the question – why do I need it?
There are a number of reasons why you need, or rather want, to comply with PCI DSS. First and foremost, because the credit card companies demand it and your business might be compromised if you don’t comply with it.
Secondly, PCI compliance has reached the stage where it is a business enabler. Continuing your business without it is an increasingly less viable option. In the near future it will be very difficult to continue conducting business without complying with PCI.
Finally, you need to comply with PCI in order to protect yourself and your customers. Acting carelessly with your customers’ financial data is not legitimate business conduct.