What is the Payment Card Industry Data Security Standard (PCI DSS)?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry standards designed to protect payment card data. It is organized into 12 broad requirements that collectively contain more than 200 individual line-item requirements. It is intended to give consumers an additional level of protection and to reduce the risk of data breaches involving cardholder data.
Who needs to be PCI DSS compliant?
All entities that accept, store, manage, process, or transmit payment card information must be compliant.
I have limited payment card transaction volume. Do I need to be compliant with PCI DSS?
There are no exceptions: even an entity that processes a single payment transaction in a year must be compliant. What varies with transaction volume is how compliance is validated, not whether the requirements apply. The card brands assign merchants and service providers to levels based on annual transaction volume, and the level determines the validation procedure, for example a Self-Assessment Questionnaire (SAQ) for lower volumes versus an on-site assessment and Report on Compliance for the highest volumes.
What kind of organizations are required to be PCI DSS compliant?
- Financial institutions - such as banks, insurance companies, lending agencies and brokerage firms.
- Merchants - ranging from medical and dental offices to pharmacies, hospitals, schools and universities, clothing stores, government agencies, cafes, restaurants, and ecommerce companies.
- Individuals who accept payment cards for purchases, such as vendors at a farmers' market, food truck or crafts fair.
- Service Providers - such as transaction processors, payment gateways, customer call centers, web hosting providers and data centers, among others.