The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB. Private label cards – those which aren't part of a major card scheme – are not included in the scope of the PCI DSS.

The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data in order to reduce credit card fraud resulting from its exposure. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) that creates a Report on Compliance (ROC) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

==History==

PCI DSS originally began as five different programs: Visa's Cardholder Information Security Program, MasterCard's Site Data Protection, American Express' Data Security Operating Policy, Discover's Information Security and Compliance, and the JCB's Data Security Program. Each company's intentions were roughly similar: to create an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process and transmit cardholder data. The Payment Card Industry Security Standards Council (PCI SSC) was formed, and on December 15, 2004, these companies aligned their individual policies and released version 1.0 of the Payment Card Industry Data Security Standard (PCI DSS).

In September 2006, the PCI standard was updated to version 1.1 to provide clarification and minor revisions to version 1.0. Version 1.2 was released on October 1, 2008. Version 1.1 "sunsetted" on December 31, 2008. Version 1.2 did not change requirements, only enhanced clarity, improved flexibility, and addressed evolving risks and threats.
In August 2009 the PCI SSC announced the move from version 1.2 to version 1.2.1 for the purpose of making minor corrections designed to create more clarity and consistency among the standards and supporting documents. Version 2.0 was released in October 2010 and is active for merchants and service providers from January 1, 2011 to December 31, 2014. Version 3.0 was released in November 2013 and is active from January 1, 2014 to December 31, 2017. Version 3.1 was released in April 2015.

Excerpt source: Wikipedia, the free encyclopedia.