ADTRAN and the PCI Data Security Standard
What is the PCI DSS?
In short, the Payment Card Industry (PCI) Data Security
Standard (DSS) is a stringent set of requirements to help
retailers protect their customers’ identity by securing their
payment account transactions (credit card/debit) and
stored card information. It is not a federal law, nor a
certification process; it’s merely a robust set of
The security standard was made available in early 2005,
but getting buy-in from millions of merchants has taken
time. The latest version of the standard, Version 1.1
(September 2006), has created a lot more pressure and
momentum in the industry for compliance.
Who does the PCI DSS affect?
Any merchant that stores, processes or transmits the
Primary Account Number (PAN) (credit or debit) must
comply with the PCI DSS. This could be a local storefront
(brick and mortar) or companies with only an on-line
Who makes up the PCI?
American Express, Visa International, MasterCard
Worldwide, Discover Financial Services, and JCB
International are the five founding members of the PCI
security standard. This is the first time that all five
competing brands have come together for one cohesive
Who is pushing for compliance?
The founding members listed above are pressuring their
customers (the banks) around the globe. The banks in
turn pressure their customers (the merchants) to comply
with the PCI standard. The so-called pressure is applied
through a carrot-and-stick approach. Visa’s approach
calls for levying punitive fines on banks that fail to get
their merchant customers to comply with the PCI
standard ($5,000 to $25,000 a month) — while promising
multimillion-dollar incentive packages for banks that prod
their largest customers into complying (over $20 million
set aside in an incentive fund).
What’s the motivation for the merchant to comply?
All merchants are required to comply with the PCI data-
security standards or they t