The PCI was born out of the ongoing endeavour by VISA and MasterCard to further enhance the security of card payments, thus protecting merchants and cardholders even more effectively from data theft and fraud.
Who is obliged to comply with the PCI?
All parties involved in the handling of card transactions are required to adhere to the relevant security precautions:
- Merchants who transmit, process or store card data
- Payment Service Providers (PSP; companies that handle card payments on behalf of a merchant)
- Data Storage Entities (DSE; companies that store card data on behalf of a merchant)
- Acquirers such as Telekurs Multipay
What measures are in place to monitor whether or not the PCI is being upheld?
The companies listed above must have their security precautions certified on a regular basis. Certification ranges from completing a self-assessment questionnaire through to an on-site inspection of security precautions. The precise certification measures that are necessary depend above all on the volume of transactions the merchant handles.
Who monitors whether the PCI Standard is being adhered to?
The certification must be carried out by a security assessor endorsed by the card schemes. The inspection companies operating in Switzerland are listed along with the detailed conditions for certification in the leaflet “Instructions on Compliance with the PCI Security Requirements for Contract Partners”, which may be downloaded from this website.
For detailed information on PCI, please visit the official PCI Council website at www.pcisecuritystandards.org.
