To improve the safety of consumer data and trust in the payment ecosystem, a minimum standard for data security was created. Visa, Mastercard, American Express, Discover, and JCB formed the Payment Card Industry Security Standards Council (PCI SSC) in 2006 to administer and manage security standards for companies that handle credit card data. Before the PCI SSC was established, these five credit card companies each had their own security standards program—with roughly similar requirements and goals. They banded together through the PCI SSC to align on one standard policy, the PCI Data Security Standard (known as PCI DSS), to ensure a baseline level of protection for consumers and banks in the Internet era.
Understanding PCI DSS can be complex and challenging.
If your business model requires you to handle card data, you may be required to meet each of the 300+ security controls in PCI DSS. There are over 1,800 pages of official documentation, published by the PCI Council, about PCI DSS, and over 300 pages just to understand which form(s) to use when validating compliance. This would take over 72 hours just to read.
To ease this burden, we can guide your company, assist in setting up secure credit card handling procedures, and help fill out the Self-Assessment Questionnaires (SAQs) for your business.
SSAE 18 Compliance for your business.
Unlike PCI DSS, which has very rigid requirements, SOC 2 reports are unique to each organization. Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.