While every organisation has unique security requirements, a chief concern for many is protecting their customer’s credit card data. Stolen financial information and identity theft not only creates loss of revenue, clients, and partners, but it can result in significant fines and opens the door to lawsuits and loss of the public trust. This concern must be addressed in the initial stages of IT planning and should be integrated with all standard operating procedures at every level of the organisation.

A common misconception is that Chip and Pin is sufficient for data security. But the Chip and Pin is only a physical security control and has no effect on transactions where the cardholder is not present This includes transactions made over the internet or telephone. In the case of internet transactions the consumer is still required to enter critical cardholder data which is transmitted to the remote server. The transmission, storage, and access of that card data falls into the domain of global PCI DSS compliance standards.