Payment Card Industry Data Security Standard (PCI-DSS)

The Payment Card Industry Data Security Standard (PCI-DSS) is an industry-wide framework for protecting consumer credit card data. Any company that stores, processes, or transmits credit card data must comply with PCI-DSS by properly securing and protecting the data.

In April 2011, one of the largest data security breaches in history occurred when Sony PlayStation’s network was attacked and the accounts of over 70 million users were compromised. While many of these accounts contained credit card data, the data was fortunately encrypted and thus very few cases of credit card fraud resulted from the breach. In July 2012, Global Payments revealed it had incurred more than $84 million in expenses associated with investigations, remediation and fines related to a data breach that included the theft of 1.4 million credit card numbers.

While encrypting or hashing card numbers wouldn’t necessarily have prevented these cases, using these security best practices can typically lessen, if not eliminate, the costly blowback. Transparent encryption, by comparison, is relatively inexpensive and simple to deploy, even for data stored in the cloud.