What is the PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements for enhancing payment account data security. These standards were developed by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa International to facilitate industry-wide adoption of consistent data security measures on a global basis.

Why was the PCI DSS created?

The PCI DSS requirements for security management, policies, procedures, network architecture, software design and other critical protective measures is intended to proactively protect customer account data.

I have never heard of PCI Compliance before, is this new?

No. Merchants have been advised to take the PCI Self-Assessment Questionnaire (SAQ) to identify potential security risks in order to achieve PCI compliance since 2008. The framework of the PCI data security standard is not new and has been required in different forms for some time now and continues to evolve.

What does this mean to me and my business?

All entities, merchants and service providers that store, process, or transmit cardholder data must meet PCI DSS requirements. Requirements for certification vary depending on the number of transactions an entity processes, and the manner in which they are processed.