The Payment Card Industry Data Security Standard (PCI DSS) was drawn up in order to reduce leakage and inappropriate use of plastic card information. Today, the requirements set out in PCI DSS apply to all companies who process, store or transfer data about cardholders: banks, processing centers, service providers, retail stores, e-commerce businesses, etc.

As of 2007, organizations which process information about credit and debit cards must comply with PCI DSS. Starting in 2008, payment systems plan to fine any companies that have not undergone certification procedures.

In general, PCI DSS is a comprehensive standard which contains over 100 clear requirements for an organization’s information security. Despite the fact that many organizations already have an information security system in place, it is not always a simple task to make sure a company’s system is aligned with PCI DSS. This process requires substantial financial investment, in addition to considerable time and labor.

Download: DeviceLock for Compliance with the Payment Card Industry Data Security Standard (PCI DSS) (PDF)