In 1999, Visa USA developed the Cardholder Information Security Program (CISP). The goal of this program was to assure cardholders that their account information was safe, regardless of where it was offered for payment. Originally intended to secure credit card transactions over the Internet, the CISP was expanded and mandated in June 2001 to apply to all payment channels, including retail (brick and mortar), mail/telephone order, and e-commerce. To achieve CISP compliance, merchants and service providers must adhere to the Payment Card Industry (PCI) Data Security Standard (DSS). The PCI DSS, the result of collaboration between Visa and MasterCard, is designed to create common industry security requirements that incorporate the CISP requirements. Visa, MasterCard, American Express, Diner’s Club, Discover, and JCB USA have each endorsed the CISP and PCI DSS. If a member, merchant, or service provider does not comply with the security requirements or fails to rectify a security issue, they could face fines of up to US$500,000 per incident, or restrictions imposed by the credit card companies, including denying the member's, merchant's, or service provider's ability to accept or process credit card transactions.
GlobalSCAPE is a Participating Organization of the PCI Security Standards Council
As a council member, we can better help our customers bridge the gap between understanding and complying with PCI DSS requirements. We are excited to participate in this initiative and are eager to provide companies with the tools necessary to succeed in this area. As a Participating Organization, GlobalSCAPE:
Plays a direct role in the ongoing development of PCI standards
Attends PCI Security Standards Council Community Meetings
Stands for election on the Board of Advisors
Reviews in advance standards and supporting materials before release
Who Must Comply with PCI?
Any organization that stores, processes, or transmits Primary Account Number (PAN) data must comply with PCI DSS requirements. However, even organizations that do not store or transmit PAN data may decide to use the PCI DSS requirement document as an internal security best practice guideline by which they measure and implement their own data security standards.
Refer to PCI DSS Requirements for information about specific PCI DSS requirements addressed in EFT Server.
For more information regarding PCI Security Standards, including downloading a PDF of the standard, visit https://www.pcisecuritystandards.org/index.htm.
For a list of terms and acronyms used in the standard, refer to https://www.pcisecuritystandards.org/tech/glossary.htm.