The PCI Data Security Standard (PCI DSS) is a comprehensive set of security requirements, agreed upon by members of the PCI Security Standards Council, intended to protect consumer payment account data. The PCI Security Standards Council consists of leaders from the payment industry, including Visa, MasterCard, American Express, Discover and JCB International. The Payment Application Data Security Standard (PA-DSS) is the Council-managed program formerly under the supervision of the Visa Inc. program known as the Payment Application Best Practices (PABP). The goal of the PA-DSS is to help restaurants, software vendors and others protect cardholder data.
Both the PCI DSS and PA-DSS include requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. These standards are intended to help restaurants and software vendors proactively protect consumer account data.
At the core of the PCI DSS and PA-DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized. Retail Control Solutions considers the protection and integrity of payment information to be of the highest importance and takes the security around this data very seriously. It has taken measures and provides solutions to help the restaurant become PCI compliant.
For more information about the PCI DSS and PA-DSS, visit www.PCIsecuritystandards.org.
It is important to note that using a PA-DSS validated payment application is only one of many requirements that merchants are responsible for meeting under the PCI Data Security Standard (PCI DSS). Below is a link to a whitepaper from Coalfire, a PCI Qualified Security Assessor (QSA), which provides a compliance overview of the payment card industry. This document demonstrates the general scope of merchants’ responsibilities under the PCI DSS, which go well beyond the products provided by Point-of-Sale and payment application vendors.