What is PCI DSS?

From the world’s largest corporations to small Internet stores, compliance with the PCI Data Security Standard (PCI DSS) is vital for all merchants who accept credit cards, online or offline, because nothing is more important than keeping your customers’ payment card data secure. The size of your business determines the specific compliance requirements that must be met.

PCI DSS was developed by the founding payment brands MasterCard Worldwide, Visa International, American Express, Discover Financial Services and JCB to help facilitate the broad adoption of consistent security measures on a global basis. The five founding members jointly formed an independent regulatory organisation, the PCI Security Standards Council (PCI SSC), to promote the standard; the Council was launched on September 7, 2006.
The standard can be found on the PCI SSC’s website.

PCI DSS covers systems, policies and procedures around:
  • Building and maintaining a secure network
  • Protecting cardholder data
  • Maintaining a vulnerability management programme
  • Implementing strong access control measures
  • Regularly monitoring and testing networks
  • Maintaining an information security policy

Who needs to comply?

Any merchant, acquiring or issuing bank, or service provider that processes, stores or transmits credit or debit card data, and any party connected to them.

Does PCI DSS apply to you?
  • Do you process credit card transactions?
  • Do you store credit card information (on paper or electronically)?
  • Do you take online credit card payments?
  • Do you handle credit card information on paper, online, over the phone or via mail?

If you answered yes to any of the above questions, PCI DSS applies to you.

Why is PCI DSS important?
  • To manage risk
  • To avoid losses due to fraud
  • To avoid negative publicity
  • To avoid loss of consumer confidence
  • To avoid the threat of enforced regulation
  • To protect consumer data

Credit card fraud and identity theft are rampant across the globe, affecting millions of consumers and businesses every day. The media is filled with stories of credit card information breaches, and the payment card industry has determined a need for a concerted and comprehensive response. The development of PCI DSS is a critical step in this direction. The standard continues to be strengthened and refined through the joint efforts of the PCI SSC, the credit card brands, acquirers and covered parties alike.

Why comply with PCI DSS?
  • To manage your risk
  • To protect your customer data
  • To stay competitive in the market
  • To avoid punitive measures
  • To avoid potentially significant fines, which increase incrementally
  • To stay in business

However, as with all compliance regimes, it is imperative that sufficiently robust discussion takes place so that the business reasons for compliance are well understood.

Do organizations using third-party processors have to be PCI compliant?

Yes. Merely using a third-party company does not exempt a company from PCI compliance. It may cut down on their risk exposure and consequently reduce the effort needed to validate compliance. However, it does not mean they can ignore PCI.

What are the penalties for noncompliance?

The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The bank will most likely pass this fine downstream until it eventually reaches the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase your transaction fees. Penalties are not openly discussed nor widely publicised, but they can be catastrophic to a small business. It is important to be familiar with your merchant account agreement, which should outline your exposure.

Where do I start?

If you are a merchant that accepts payment cards, you are required to be compliant with the PCI Data Security Standard. PayChoice can help you by reducing the scope of the PCI DSS requirements you need to fulfil when you use our facilities. Your exact compliance requirements can only be confirmed by your payment brand or your acquirer, whether you already have an internet merchant facility or are applying for one.

Ready to go?

What are you waiting for? If you are in business and you’re not accepting online payments, then you’re losing money. Start accepting all major credit cards, anytime, anywhere.
