Payment Card Industry (PCI) Compliance


What is PCI-DSS?

The Payment Card Industry Data Security Standard (PCI-DSS) is a worldwide standard designed to protect payment card data. Created to help organizations that process card payments to prevent payment card fraud, it imposes strict data controls on all organizations that store, process, or transmit payment card data from card brands.

The standard requires organizations to meet stringent requirements for the handling and safe keeping of data.

Who does PCI-DSS Apply to?

Organizations handling card data are obliged to protect the cardholder data. They are required to build and maintain a secure network that is regularly monitored and tested. These networks should have strong access controls and must comply with a maintained information security policy held by the organization. All card processing organizations are also obliged to maintain a vulnerability management program.

PCI-DSS Non-Compliance Penalties

For organizations that fail to comply with these requirements, the penalties can involve:

  • Insurance claims
  • Cancelled accounts/replacement cards
  • Payment card issuer fines
  • Revocation of the license to process transactions

Credit and debit card brands are getting stricter on PCI compliance with individual card providers choosing to increase fines they charge for data breaches. The ultimate risk resulting from a breach, for companies with a relationship with one or more of the card brands, is the loss of their ability to process credit card payments. Companies subject to a data breach may also be audited and could potentially be fined heavily.

How Data Classification can help with PCI-DSS

Fortra's Data Classification is internationally recognized classification software that can help organizations protect personal data by reducing the risk of a data breach through the use of classification. For example, a screenshot sent to another department may contain an individual's address and credit card number and would not be picked up by most Data Loss Prevention (DLP) solutions. However, the user could mark the email as PCI-related to ensure that the information is handled confidentially in line with PCI requirements.

Fortra's Data Classification supports compliance with the Payment Card Industry Data Security Standard by:

  • Clearly identifying PCI-related information to assist with or help enforce data loss prevention (DLP)
  • Assisting with enterprise search should an audit be required
  • Identifying and triggering encryption, where required

Learn More about Fortra's Data Classification

Find out how Fortra's flexible data classification can help drive compliance with a variety of regulations and requirements.

Regulatory Compliance

If you're ready for a demo, let's talk about how we can help with your specific compliance needs.