PCI/CISP Certification: Your 101 Guide


Credit Card Companies Actions

You would be hard-pressed to find a person not worried about identity theft in the modern world. What many people may not know is what credit card companies have done to help minimize identity theft over the past decade. The large credit card companies have developed the Payment Card Industry Data Security Standard, or the PCI, and the Cardholder Information Security Program, or the CISP. These two standards were put into place starting in 2004. What do these two standards mean, and how do they help protect against identity theft?

What Transactions

The PCI and the CISP provide industry-wide standards for the way credit card transactions are handled by merchants. The standards were developed over time from carefully selected best practices to ensure financial data privacy and security. These standards apply to all transaction types: brick and mortar, mail order, telephone sales and online. These standards are required of merchants and providers to help protect consumers’ personal data and to help protect against identity theft and other fraud.

Standard Requirements

The standards protect data through the use of encryption, access control, physical security and frequent auditing. Encryption of a minimum of Triple-DES 128-bit or AES 256-bit is required wherever consumer data is located, HTTPS has to be a part of the URL and Secure Socket Layer certificates must be used. Access control and physical security entail prohibiting access to persons not directly required to work with consumer data through the use of limited entry doors, Personal Identification Numbers and secured gateways for wireless networks. Auditing is performed by certified auditors and consists of testing for vulnerabilities in the networks, websites and systems infrastructure that may be exploited. Merchants not meeting PCI standards can be penalized with the following:

  • $500,000 in fines (per incident)

  • Complete loss of ability to process card transactions

  • Class-action lawsuits

  • $10,000 in monthly fines

  • Major public relations crises

Certification or Compliance

Merchants and providers wishing to become PCI/CISP compliant and PCI/CISP certified must meet certain requirements. The requirements for each may differ significantly in some areas. The stricter of the two is PCI/CISP certification. Merchants that achieve the PCI/CISP certification offer a higher level of security for their consumers. Certified merchants have made significant investments in their computer hardware and software to meet the guidelines set by the PCI. These merchants may have made changes to their buildings to meet guidelines; they are required to be audited frequently by certified auditors. PCI/CISP compliance means a merchant follows the PCI DSS guidelines, which do not offer the same level of security as certification, especially since they are only checked yearly; this makes it easier for customers’ data to be stolen through various vulnerabilities.

Identity Theft

Identity theft affects millions of people each year. Quite often identity theft is the result of inadequate safety measures regarding consumers’ credit card data. Any time a consumer is the victim of identity theft it is very stressful. They have to make many phone calls to authorities and fill out numerous reports; they still may face tarnished credit as a result. The business may lose many customers due to a security breach involving consumers’ data. The consumers may feel they cannot trust the business afterward. Merchants realize it is less expensive to become PCI/CISP certified than it is to risk a major security breach.


The big-name credit card companies have developed and enforced two standards to help protect against identity theft and fraud. These two standards are the Payment Card Industry Data Security Standard, or the PCI, and the Cardholder Information Security Program, or the CISP.
