What is PCI DSS Compliance?

PCI DSS compliance is achieved by following the Payment Card Industry Data Security Standards, often called PCI for short. The standards are a set of technical and operational requirements to protect cardholder information. Essentially PCI DSS are the rules of engagement for processing payments. PCI aims to ensure that all entities accepting, storing, processing, or transmitting card information maintain a secure environment.

To whom does PCI apply?

PCI DSS applies to ALL organizations or merchants that accept, transmit or store any cardholder data. Find out who needs PCI compliance and exactly what that means for you. Read More

Who makes the rules?

The Payment Card Industry Security Standards Council (PCI SSC) administers PCI. The Council maintains, evolves and promotes the PCI set of standards. It was founded by the major payment brands American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. Those card brands enforce the standards, not the Council.

Why does PCI DSS compliance matter?

According to PrivacyRights.org, more than 868 million records with sensitive information have been breached between January 2005 and June 2014. Not only does credit card fraud cause a major headache for the cardholder, it can ruin a merchant’s reputation and potentially its sales.

A data breach could also come with other baggage including

Each data breach or fraudulent activity affects the entire transaction ecosystem. That ecosystem includes cardholders, merchants, devices, software, processors, networks, and banks, among others. If a bad guy infiltrates any point in the ecosystem, everyone suffers the consequences. PCI DSS Compliance matters because we all must do our part to prevent and detect credit card fraud.

Consequences and Rewards

PCI in Pictures