With the growing use of credit cards, identity theft and credit card fraud have increased manyfold. Is there a system or device capable of combating this menace and preventing losses to cardholders? Yes, such a framework is in force and has largely been effective in neutralizing the threats posed by fraudsters: it is called the "Payment Card Industry Data Security Standard", or PCI DSS for short.
PCI DSS is an information security standard prescribed worldwide by the Payment Card Industry Security Standards Council. It was designed as a preventive measure against credit card fraud and identity theft, for use by companies in the payment card processing industry, and it works by tightening security around cardholder data and reducing its exposure to theft.
Organizations that process credit cards, or that exchange or hold cardholder data on behalf of any of the branded credit card companies, must apply this standard to their processing systems.
Irrespective of the size of the organization or the volume of business it handles, the requirements of the standard must be applied and the equipment certified. It is therefore apparent that any organization, big or small, that accepts credit cards for payment must comply with PCI DSS. Compliance validation must be done annually, either externally or internally depending on the volume of business an organization processes. Large companies can have their assessment performed by an independent assessor recognized as a Qualified Security Assessor (QSA), whereas an organization processing a smaller volume of business can opt to demonstrate compliance through a Self-Assessment Questionnaire (SAQ). However, this has to be certified by a QSA before it is submitted.
Bodies in direct relation to the in-scope organization enforce compliance. For example, an organization that processes American Express cards deals directly with American Express for compliance, whereas for MasterCard or Visa transactions the organization's acquirer enforces compliance. Where an organization uses a third-party supplier or a hosting company, responsibility for compliance remains with the in-scope company. Any organization that is non-compliant while dealing with one or more credit card brands, directly or through an acquirer, risks losing its ability to process credit cards and is liable for heavy penalties.
So, as a credit card user, it is your primary duty to check whether the company and equipment processing your card are PCI DSS compliant and, if not, to take immediate measures to safeguard your credit card interests.