CISP-PCI

CISP (Cardholder Information Security Program) and PCI (Payment Card Industry Data Security Standard) are specifications developed and used by credit card companies for the purpose of ensuring and enhancing the privacy and security of financial data.

CISP was authored by Visa USA and mandated in 2001. The requirements of CISP apply to all enterprises that handle Visa cardholder information and payment channels, including:

• Brick-and-mortar transactions
• Mail-order transactions
• Telephone transactions
• Online transactions

PCI, mandated under CISP in 2004 and co-developed by Visa USA and MasterCard, defines an expanded set of requirements for the protection of credit-card information, including encryption, access control, physical security and operational audits. This standard requires that public networks and Web sites be tested frequently and regularly for compliance by a certified auditor.

Read more about CISP-PCI: - Visa USA provides an overview of CISP. - A printable version of PCI can be downloaded from Visa USA.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Download presentations from Financial Information Security Decisions 2009 Download a number of the compelling presentations from the 2009 Financial Information Security Decisions conference. Two conversations about risk assessment A couple discussions illustrate how security professionals can have radically different understandings of risk assessment, David Schneier writes. Why financials should pay attention to NERC CIP David Schneier says NERC CIP may prove to be the standard that ultimately becomes the framework used by President Obama's administration as a baseline...