PCI Compliance

What is PCI Compliance?

Payment card industry (PCI) compliance, also referred to as Payment Card Industry Data Security Standard (PCI DSS) compliance, refers to the technical and operational standards businesses must follow to protect cardholder credit card data. PCI security is enforced by the PCI Standards Council, and all businesses that store, process, or transmit credit card data electronically are required to follow its compliance guidelines. If merchants do not handle credit card information properly, user card information can potentially be hacked and stolen, then used to make fraudulent purchases. Additionally, sensitive cardholder information could be used for identity fraud.

PCI DSS requires that all Level 1 businesses (with more than 6 million credit card transactions per year) undergo a yearly PCI audit conducted by a qualified auditor. Though these are industry rules rather than laws, the risks involved with noncompliance can be significant, including penalties, lawsuits, and erosion of a company’s brand image and trust.

Solutions that provide automated vulnerability detection and defenses can be very effective components of PCI DSS compliance programs.

Contrast Community Edition

Release Secure Software Faster... No Security Expertise Needed!

Meet software delivery deadlines and security mandates. Contrast Community Edition for Java applications, .NET Core (and .NET Framework coming soon), and APIs delivers security-as-code that protects your software against the most common security flaws. With Contrast, you can remediate vulnerabilities early in the SDLC and monitor and defend against attacks on production applications.