Visa, Mastercard, American Express, Discover Financial Services, and JCB International came together to create the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS, now on version 2.0 and effective starting January 2011, is meant to protect cardholder data. PCI DSS applies not only to banks and financial institutions but also to payment processors and merchants from various industries who handle credit card data.
The primary benefits of complying with PCI DSS include building trust, expanding markets and customers, avoiding costly data breaches, and having a head start in complying with other security standards.
On the other hand, if an organisation does not comply and it experiences a data breach, the consequences include lost revenue, lost customers or suppliers, and a tarnished reputation. One event can spell disaster. Additional consequences may include regulatory fines, lawsuits, and insurance claims.
In the Philippines, companies that are starting to comply with PCI DSS are banks and business process outsourcing organisations.
To improve PCI DSS compliance in the Philippines, we need a local regulatory body to push this requirement. Companies also need to embark on a formal PCI program to ensure that they comply with all the provisions of PCI DSS.
Embarking on a PCI DSS compliance program requires organisation-wide commitment to going through the stages of assessment, remediation, and reporting. PwC can help organisations achieve and maintain PCI DSS compliance.
Views and opinions presented in this article are solely those of the author and do not necessarily represent those of PricewaterhouseCoopers Financial Advisors, Inc.
Anthony Tuason was a director of PricewaterhouseCoopers Financial Advisors, Inc., a member firm of the PricewaterhouseCoopers global network. He is also the firm's Chief Information Security Officer.
For inquiries about this article or to know more about how we can help you and your business, please contact PwC Think Tank today.