As the festive season approaches and more shoppers buy online, it’s important to be compliant when selling online. It’s likely that you’re reading this because you have been made aware that you need to comply with PCI DSS, and you’re wondering where to start. Below we explain the what, where and how of PCI DSS compliance so you know exactly how to comply.
The Payment Card Industry Data Security Standard (PCI DSS) was created by the Payment Card Industry Security Standards Council (PCI SSC) which is governed by the following Payment Brands:
PCI DSS was developed to encourage and enhance cardholder data security and to facilitate the broad adoption of consistent data security measures globally. Any organization involved in payment card processing, which includes storing, processing or transmitting cardholder data (CHD), is usually contractually required to be PCI DSS compliant. Failure to comply could result in penalty fines for the organization.
PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data. These requirements are broken down into 12 areas:
All merchants and service providers are categorized into different levels depending on the volume of card payment transactions the organization processes per year. There are four levels into which an organization can be categorized, with level 1 being the highest and level 4 being the lowest.
The volume of transactions per year that determines the categorization level of your organization also varies between the payment brands (Visa, MasterCard, American Express, Discover, and JCB). Therefore, it is highly recommended you confirm your organization’s transaction volume and categorization level with your acquiring bank. Once you have determined your level you will know what validation methods are required for your PCI DSS compliance.
Once you have aligned your business policies and procedures to become compliant with the PCI DSS framework, either by working with a consultant, using a CertiKit toolkit or doing it yourself, you will then submit the appropriate documentation to your acquiring bank.
We hope that has cleared up some common questions about PCI DSS compliance. If you would like to know more, you can download our free detailed implementation guide straight to your email. This helpful guide goes through the twelve requirements in detail and outlines the framework to get you started.