CISP-PCI
SearchFinancialSecurity.com Definitions (Powered by WhatIs.com)



DEFINITION

CISP (Cardholder Information Security Program) and PCI (Payment Card Industry Data Security Standard) are specifications developed and used by credit card companies for the purpose of ensuring and enhancing the privacy and security of financial data.

CISP was authored by Visa USA and mandated in 2001. The requirements of CISP apply to all enterprises that handle Visa cardholder information and payment channels, including:

  • Brick-and-mortar transactions
  • Mail-order transactions
  • Telephone transactions
  • Online transactions

PCI, mandated under CISP in 2004 and co-developed by Visa USA and MasterCard, defines an expanded set of requirements for the protection of credit-card information, including encryption, access control, physical security and operational audits. This standard requires that public networks and Web sites be tested frequently and regularly for compliance by a certified auditor.

Learn more about PCI DSS: Audits and requirements
PCI DSS: Writing an information security policy: The final set of PCI requirements relates to maintaining a security policy, and also addresses awareness training, personnel screening and managing service provider relationships.
PCI DSS requirement: Monitoring and testing security: The fifth focus area of PCI DSS requires regular monitoring of systems and activity, as well as regular testing of controls.
Vendor audit and monitoring contractual rights: Third-party contracts must include vendor auditing and vendor monitoring rights.

LAST UPDATED: 17 Jan 2008


More resources from around the web:
- Visa USA provides an overview of CISP.
- A printable version of PCI can be downloaded from Visa USA.













All Rights Reserved, Copyright 2008 - 2009, TechTarget