CISP (Cardholder Information Security Program) and PCI (Payment Card Industry Data Security Standard) are specifications developed and used by credit card companies to ensure and enhance the privacy and security of financial data.
CISP was authored by Visa USA and mandated in 2001. The requirements of CISP apply to all enterprises that handle Visa cardholder information and payment channels, including:
- Brick-and-mortar transactions
- Mail-order transactions
- Telephone transactions
- Online transactions
PCI, mandated under CISP in 2004 and co-developed by Visa USA and MasterCard, defines an expanded set of requirements for the protection of credit-card information, including encryption, access control, physical security and operational audits. This standard requires that public networks and Web sites be tested frequently and regularly for compliance by a certified auditor.