Administered by the PCI Security Standards Council, the Payment Card Industry Standards (or PCI Standards) apply to all entities storing, processing or transmitting credit card data. Consisting of the PCI Data Security Standard (PCI DSS), the PIN Transaction Security Requirements, and the Payment Application Data Security Standard, the PCI Standards establish technical and operational guidelines for the creation and maintenance of a secure card payment environment.
Compliance with PCI Standards helps mitigate vulnerabilities in the card payment-processing ecosystem and protect cardholder data from unauthorized access or use. Failure to maintain PCI DSS compliance may result in financial penalties ranging from increased card transaction fees to fines and liabilities—not to mention the effects of a damaged brand reputation should a breach occur.
In defining a framework for safeguarding credit card transaction processing, the PCI Standards set forth specific information security requirements for merchants and service providers in accordance with the following goals:
Maintaining compliance with PCI Standards is a continuous process and involves regularly evaluating and ensuring the effectiveness of measures taken to provide for application, network and database security. In particular, the PCI Standards recommend that companies periodically carry out vulnerability assessments on payment processing systems, patch critical vulnerabilities, and submit remediation and compliance reports.
At Akamai, we realize that achieving security compliance is time-consuming and expensive. It may require internal as well as independent audits and complicated certification processes. This is why we offer our customers a Compliance Management Solution that provides the information and support they need to facilitate compliance initiatives for PCI Standards, FISMA, ISO 27001 and 27002, BITS and HIPAA.
Also, our global web content distribution network, management infrastructure, and associated processes are consistent with the best practice security requirements of the PCI Standards. We proactively maintain PCI compliance of our SSL network. Through our PCI Compliance Module, we supply our clients with the services, reporting and documentation necessary for supporting compliance validation.
Moreover, by leveraging our Level 1 PCI-compliant, globally distributed network of hardened content distribution servers, Akamai customers no longer need to process or store cardholder data for online transactions passing through the platform. Replacing card payment data with non-reversible, random token identifiers, our Edge Tokenization Solution reduces PCI compliance requirements for our clients, making compliance simpler and more certain.