Hacking, theft of cardholder information, and the resulting liability and losses from identity theft and fraud have dramatically increased in recent years. As of January 2009, the Privacy Rights Clearinghouse revealed that hundreds of data loss incidents involving more than 251 million individual records had occurred since February 2005. Moreover, the cost of each data breach ranged from less than US$1 million to more than US$22 million. Following several years of high-profile stories about payment card security breaches, there is concern that consumers will lose confidence in payment cards.
In response to the security breaches, the card associations have mandated standards and best practices for the protection of cardholder data. In 2004, the card associations coordinated their individual requirements into a standard set of documents now administered by the PCI Security Council. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc. This effort yielded the primary documents for the Payment Card Industry (PCI) Data Security Standard (DSS). The PCI DSS aims to create cardholder confidence in payment cards by ensuring cardholders' information is secure at every stage of the transaction process.
The PCI Security Council develops the standards and technical specifications. The card brands establish the operating rules and deadlines. For example, by 30 June 2007, all retailers, financial services institutions and businesses that accept card payments had to be compliant with the PCI standard, although some regions set earlier deadlines. Noncompliant organizations face the threat of substantial brand damage, loss of customers, fines or even exclusion from accepting card payments because of the risk of losing cardholder data.
In 2008, Visa’s PABP standard was turned over to the PCI Security Council to maintain and enhance. The first release of this standard under the council is the PA-DSS (Payment Application – Data Security Standard), which was released in October 2008.
ACI Worldwide can help organizations maintain PCI compliance. Application and transaction security have always been a critical part of ACI's product design strategy. ACI’s PCI assessment program is just one part of a proactive strategy to address today's evolving security standards. ACI has also developed best practice guidelines on areas such as access security and has modified internal procedures to meet these standards.
PCI-compliant ACI products
ACI Commerce Gateway
ACI Retail Commerce Server
BASE24-eps
BASE24-atm
BASE24-pos
OpeN/2
For PA-DSS Validation information on these products, refer to the PCI Security Standards website.
For VISA USA PABP Validation information on these products, refer to Visa’s website.
Where To Find More Information
Each card association has its own program of enforcement. Queries about the individual card association programs should be directed to the appropriate card association. Information can be found at:
American Express
Discover Card
JCB
MasterCard International
Visa Europe
Visa, Inc. (for Asia-Pacific; Canada; Central and Eastern Europe; Middle East and Africa; Latin America and Caribbean; and USA)