Is the Payment Card Industry Data Security Standards (PCI DSS) a government mandate? We’ve been asked this a few times by some of our customers.
PCI DSS was not created by the government, it was created by the 
Payment Card Industry Security Standards Council, made up of members from the five major card companies.
Although not created by the government, Payment Card Industry compliance is enforced, in part, by the Federal Trade Commission (FTC). The other enforcement comes from the card companies, as explained in our prior blog titled, “PCI DSS Non-compliance Fees – Myth or Reality.”
The Federal Trade Commission protects consumers by stopping unfair, deceptive or fraudulent practices in the
marketplace.[1] Pertinent to PCI DSS, a landmark case, Federal Trade Commission vs Wyndham Worldwide Corporation, 12/09/2015[2], identified the PCI DSS as the approved standard for the case and found in favor of the Federal trade Commission, thereby establishing precedence in such cases.
The court ordered outcomes of the case include, but are not limited to:
How does all this impact merchants? If you have a current PCI DSS Attestation of Compliance for your company, no worries. If you are not compliant however, don’t wait for a breach and the FTC to come knocking. If you do not have an Attestation of Compliance, you have work to do to obtain it, and Omega can help.
Omega knows what is required for compliance and assists with filling any gaps you might have. Omega produces policies and procedures, evidence from the Omega systems our customers utilize, and assists customers with understanding how to obtain evidence that Omega does not have access to (such as physical security).
To get more information, call Ashwin Swamy now — 636-557-7777 x2453, or email Ashwin at ashwin.swamy@omegaatc.com.
[1] https://www.ftc.gov/about-ftc/what-we-do
[2] https://www.ftc.gov/system/files/documents/cases/151209wyndhamstipulated.pdf
