What is PCI DSS Compliance?
PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of technical and operational requirements set by the Payment Card Industry Security Standards Council (PCI SSC) to protect Account Data (Cardholder Data and Sensitive Authentication Data). The PCI SSC is an independent body founded by the major credit card brands – American Express, Discover, JCB International, Mastercard, UnionPay and Visa Inc.
PCI DSS defines the minimum baseline requirements for protecting Account Data (Cardholder Data and Sensitive Authentication Data).
Cardholder Data includes, but is not limited to, the cardholder name, expiry date, and primary account number (PAN).
Sensitive Authentication Data includes, but is not limited to, the card verification code or value (the three- or four-digit number printed on a payment card), and the card’s magnetic stripe data or the equivalent data on the chip.
Who needs to be PCI DSS compliant?
PCI DSS compliance is mandatory for any business that accepts credit and debit cards. Your obligation to comply with the PCI DSS is set out in your merchant services agreement (or equivalent). It applies to all entities that store, process, transmit or access cardholder account data, including merchants, processors, acquirers, issuers, and service providers. As a merchant, you are responsible not only for your own compliance with the PCI DSS, but also for ensuring the compliance of any third parties that store, process, transmit, or access account data on your behalf.
How does my business become compliant?
Your acquirer/payment processor has provided you with access to an easy-to-navigate PCI DSS compliance reporting portal through which you can report and attest your compliance.
If you need assistance or have any questions, simply reach out to your support team; contact information is available on your portal or in your email communications.
Benefits of becoming PCI DSS compliant:
- Protection of customer data through a high level of data security.
- Increased protection against financial losses, e.g. non-compliance charges and breach-related costs.
- Increased customer confidence from complying with the industry security standards for card acceptance.
- Protection of your business brand from the devastating effects of a data breach.
- Support for adherence to personal data protection regulations, as account data is considered personal data in scope for regulations such as the EU’s General Data Protection Regulation (GDPR).