Payment Card Industry Data Security Standard compliance is a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment when processing credit card payments.
The Payment Card Industry Security Standards Council (PCI SSC) is a global forum originally formed by payment brands Visa, Mastercard, American Express, Diners and JCB International. It was created to manage the evolution of PCI DSS.
PCI DSS applies to all entities that process, store and/or transmit cardholder data. It covers technical and operational system components included in or connected with cardholder data. If you are a merchant who accepts or processes payment cards, you must comply with PCI DSS.
The 12 strong access control requirements of PCI DSS are:
You must ensure that you meet all 12 requirements as stated above as well as following the steps below:
If you are a merchant who is processing transactions, you are required to be PCI DSS compliant. Some acquiring banks do charge a PCI DSS compliance fee and some do not.
However, if you process transactions through the Cardstream gateway, it is fully PCI DSS level 1 Compliant. This means that if you use our hosted solutions, we are ensuring the merchant remains PCI DSS compliant, so it takes the inconvenience out of having to pay extra fees.
Non-compliance and compromising of the cardholders’ security data can lead to adverse consequences, including monthly penalties; data breaches; legal action; damaged reputation; and revenue loss.
PCI DSS compliance requires multiple layers of security through accurately configured firewalls and a continuously evolving IT security strategy based on threat monitoring and systems updates. Cardstream handles these for its Partners and merchants.
Due to stringent data management and compliance measures, PCI DSS compliant businesses such as Cardstream are a less inviting target for suspicious and fraudulent activity by cyber criminals and other malicious individuals.
Ecommerce is built on a foundation of trust. Your customers trust that you will securely transmit and process their sensitive cardholder information in compliance with PCI DSS standards. Meeting the international standards for secure network payments is an important way of building and protecting your reputation, one of your business’s most valuable assets.
The PCI DSS regulations were initiated by five of the world’s leading credit organisations (as mentioned above) in order to provide a mandatory level of protection for consumers by ensuring that merchants meet minimum levels of security when they process, store, and transmit cardholder data. Achieving PCI DSS compliance allows you to take your place among other international retailers and businesses who are committed to data security and protecting consumers.
Every business needs to be PCI DSS compliant. Anyone processing a transaction needs to be PCI DSS compliant.
Yes, depending on the size of your business you are responsible for ensuring your own PCI compliance by filling out a PCI DSS Self-Assessment Questionnaire.
To find out more about the different levels of PCI DSS compliance, click here to read our next blog on the topic.
It is advisable to be PCI DSS compliant as it means transactions are more secure and cost efficient. If you haven’t proved you are PCI DSS compliant through an SAQ or audit, you are likely to be charged a non-compliance fee by your acquiring bank.
For more information about PCI DSS, contact firstname.lastname@example.org