The United States uses a magnetic stripe on a card to process transactions and its security relies on the holder's signature and visual inspection of the card to check for features such as a hologram.   This system is scheduled to be outmoded and replaced by Europay, MasterCard and Visa (EMV) in 2015.   EMV is a global standard for inter-operation of Integrated Circuit cards (IC cards or "chip cards"), IC card capable Point Of Sale (POS) terminals and Automated Teller Machines (ATMs) for authenticating credit and debit card transactions.

The payment card industry consists of all the organizations which store, process and transmit cardholder data, most notably for debit cards and credit cards.   The security standards are developed by the Payment Card Industry Security Standards Council which develops the Payment Card Industry Data Security Standards used throughout the industry.  

Individual card brands establish compliance requirements that are used by service providers and have their own compliance programs.   Major card brands include American Express, Discover Financial Services, Japan Credit Bureau, MasterCard Worldwide and Visa International.   Most companies use member banks that connect and accept transactions from the card brands.   Not all card brands use member banks, like American Express, these instead act as their own bank.

On September 7, 2006, American Express, Discover Financial Services, Japan Credit Bureau, MasterCard Worldwide and Visa International formed the Payment Card Industry Security Standards Council with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard.   The council itself claims to be independent of the various card vendors that make up the council.   As of August 1, 2014, the PCI SSC website lists 688 "Participating Organizations."   Internationally, 61 different financial institutions were noted, including Bank of America, Capital One, JP Morgan Chase, Royal Bank of Scotland, TD Bank and Wells Fargo.   A total of 275 merchants were listed, including Amazon.com, Burger King, Citgo, Dell, Equifax, Exxon Mobil, Global Cash Access, Motorola, Microsoft, Southwest Airlines and Walmart.

Does your enterprise need PCI DSS compliance?   Zen Ledge can help.   We can get your business in total compliance by implementing the following:

• Protecting Cardholder Data
• Building and Maintaining a Secure Network
• Implementing Strong Access Control Measures
• Creating and Maintaining an Information Security Policy
• Creating and Maintaining a Vulnerability Management Program
• Regularly Monitoring and Testing Your Networks

For additional information you can browse the entire PCI document library at the official PCI Website.