Payment Card Industry Data Security Standard (PCI DSS)

As you may be aware, to combat rising fraud all businesses handling payment card data are required to comply with new industry rules aimed at increasing data security.

The Payment Card Industry Data Security Standard (PCI DSS) applies to anyone that stores, processes or transmits payment data; the merchant and their third parties such as web hosting companies, payment gateways, software providers and processors all need to be compliant.

It affects all merchants immaterial of how they accept cards, face to face, mail or telephone order and via the Internet.

Acquirers are also required to comply with PCI DSS; our own service ePDQ is already compliant.

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a mandatory security standard delivered by both Visa and MasterCard for the protection and securing of card payment data. PCI DSS affects Acquirers, Merchants and their agents (any third party used to store, process or transmit card data).

 

PCI DSS originates from the Visa Account information Security Program (AIS) and MasterCard’s Site Data Protection Program (SDP).

Visa International and MasterCard Worldwide, along with American Express, Discover Financial Services and JCB, founded the Payment Card Industry Security Standards Council, with the express mission of delivering a broad adoption of the PCI DSS.

• What is required to be compliant?
• What do you need to do?
• How do PCI DSS penalties work?