CB, French payment system
CB, a card payment system, is the leader in France with more than 10 billion transactions per year. The system is managed by the Groupement des Cartes Bancaires CB.

Securing data

All of the players responsible for security work together to protect the sensitive data of payment cards.

On insufficiently secured information systems belonging to certain merchants, e-commerce sites or card payment platforms, sensitive data from CB cards can sometimes be the target of compromise and then be used fraudulently to make payments for remote sales, face-to-face payments and withdrawals, mainly abroad on payment systems with little security.


It is therefore of the utmost importance that, whatever the size of the players concerned (banks, merchants and service providers), appropriate investment is made in securing the sensitive data of card transactions. Ensuring the confidentiality of this information gives the holders of CB cards protection against the risk of fraud and also against possible breaches of privacy.


This is why the banking community and “CB” share the objectives of the PCI-DSS reference framework, which is itself derived from ISO standards on the security of information systems and aims for a high level of protection of sensitive card-related data. The community considers that the security objectives defined by the PCI-DSS reference framework correspond to the state of the art of what experts currently recommend for securing databases, the exchange of information and access control.


Several years ago, all of the players concerned initiated programs to secure this sensitive data; currently, numerous merchants and service providers have already finished or are about to finalise their compliance with PCI-DSS.


Remember that the PCI-DSS reference framework was defined by PCI-SSC (Payment Card Industry Security Standards Council), an organisation founded in 2005 by the main card payment systems: MasterCard, Visa, American Express, Discover Financial Services and JCB. This standard defines the security requirements concerning the protection of sensitive data from bank cards. It applies to all players that process card payment transactions, particularly to merchants and e-commerce sites, and also to those who host card payment systems, including the banks. The process of checking these players' level of compliance with PCI-DSS varies in proportion to the volume of transactions processed.


Every two years, the PCI-SSC calls on the participating organisations to designate their representatives to the advisory committee, the "Board of Advisers". In this context, CB has just been selected to sit on the select committee of experts whose composition has been set until 2012.

Since 2005, “CB” has decided to grant CB referencing to certain companies that are already certified "QSA" (Qualified Security Assessor) at PCI-SSC to perform PCI-DSS audits.


CB referencing ensures, for merchants and CB acquirers, that a range of services exists in the French language, adapted to the CB market and that there is total confidentiality of the data collected during these audits.


6 "QSA" companies have currently been granted CB referencing:





PCI... What are DSS and SSC?

Guide for the attention of developers/hosts for merchant websites