What is PCI DSS Compliance?


PCI DSS compliance is achieved by following the Payment Card Industry Data Security Standard, often called PCI for short. The standard is a set of technical and operational requirements for protecting cardholder information. Essentially, PCI DSS is the set of rules of engagement for processing payments. PCI aims to ensure that every entity that accepts, stores, processes or transmits card information maintains a secure environment.

To whom does PCI apply?

PCI DSS applies to ALL organizations or merchants that accept, transmit or store any cardholder data. Find out who needs PCI compliance and exactly what that means for you.

Who makes the rules?

The Payment Card Industry Security Standards Council (PCI SSC) administers PCI. The Council maintains, evolves, and promotes the PCI set of standards. It was founded by the major payment brands: American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. Those card brands enforce the standards, not the Council.

Why does PCI DSS compliance matter?

According to PrivacyRights.org, more than 868 million records with sensitive information have been breached between January 2005 and June 2014. Not only does credit card fraud cause a major headache for the cardholder, it can ruin a merchant’s reputation and potentially its sales.

A data breach could also come with other baggage including:

  • Fraud losses
  • Cost of reissuing new payment cards
  • Legal costs
  • Fines and penalties
  • Brand degradation
  • Higher costs for future PCI assessments
  • Employee turnover
  • Lower consumer confidence

Each data breach or fraudulent activity affects the entire transaction ecosystem. That ecosystem includes cardholders, merchants, devices, software, processors, networks, and banks, among others. If a bad guy infiltrates any point in the ecosystem, everyone suffers the consequences. PCI DSS compliance matters because we all must do our part to prevent and detect credit card fraud.

Consequences and Rewards

  • Maintaining PCI DSS compliance is good business. It protects you and your customers from the bad guys.
  • If you don’t follow the standards, you are increasing the chances of a data breach and can be fined.
  • If you do follow them on a regular basis, your risk of suffering a data breach will be much lower. And your good PCI karma will be much higher if you believe in that sort of thing.

WHAT ELSE DO I NEED TO KNOW ABOUT PCI DSS COMPLIANCE?

We’ve distilled down the acronyms and industry jargon so that you don’t have to.

Who Needs to be PCI Compliant?

Sort of a trick question, but there are different standards for businesses, software vendors, resellers, etc.

The PCI Standards

Once you learn which standard applies to your business, learn how to be compliant.

What’s New with PCI 3.2?

The latest version was released at the end of April. We have the CliffsNotes for you.

PCI Self Assessment Questionnaires

There are 9 versions. Find out which is right for you.

What is PCI QIR?

Yet another acronym. We’ve simplified this one for you, too.
