The Payment Card Industry Security Standards Council provides a set of standards that must be complied with by all organizations that process, store or exchange card holder information in an effort to protect the card holders from becoming victims of identity theft or credit card fraud. This set of standards is called the PCI Data Security Standard (PCI DSS).
PCI DSS compliance begins with having a solid data destruction solution in place. The Payment Card Industry Security Standards Council requires that all credit and payment card information be destroyed as soon as it is no longer required for business or legal information. This includes both hardcopy information and information recorded on electronic media, such as computer hard drives, computerized cash registers, network servers and other forms of recordable media.
The Payment Card Industry Security Standards Council requires that all cardholder data stored on recordable media be rendered unrecoverable to the point that it cannot be reconstructed. The methods of suitable data destruction include:
Any method used to destroy the collected data must be in accordance with current data destruction industry standards.
In addition, any container used to store the materials to be destroyed, either hardcopy or electronic, must be secured with a lock to prevent unauthorized access.
Every company that processes, stores or exchanges cardholder data must have their PCI DSS compliance validated before it can be considered as compliant. Validation occurs annually in one of two ways. Smaller companies and organizations can complete and submit a Self-Assessment Questionnaire (SAQ). However, if the company is larger and it processes a large volume of transactions, a Qualified Security Assessor (QSA) will be required to perform the validation process. It should be noted, that even small companies submitting a SAQ will require the signature of a QSA before their PCI DSS compliance can be approved.
Companies or organizations that fail to comply with the PCI data security standards run the risk of losing their ability to process credit and payment card transactions. They can also face fines and penalties and increase their risk of being audited.
For data destruction services that meet or exceed all current PCI DSS compliance standards, contact Liquid Technology today by calling us at 1-800-797-5478, emailing us or simply fill out our online contact form to the right of this page and one of our data destruction specialists will promptly respond to your inquiry.
As one of the industry’s leading IT asset disposition service providers, Liquid Technology provides a suite of effective impartial solutions. Discover what to look for in a quality e-waste recycler.