PCI compliance doesn’t have to be complicated, but it is important.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment.
At the end of 2004, Visa and MasterCard got together to improve card security at an industry level, creating the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS has since become the global standard and is also endorsed by Amex, Diners, JCB and Discover.
But the PCI DSS is not a ‘standard for standard’s sake’. It’s a collection of good practices that any business would do well to have in place. And you may find that you’re already a long way towards fulfilling the requirements of the standard.
In essence, the PCI DSS is about preventing the card payment information held by you, or by your third parties, from being used fraudulently, and so avoiding the financial loss and reputational damage that can result.
If you’d like to access all the details of the standard, please visit the PCI Security Standards Council site at
The PCI Data Security Standard applies to any business that stores, processes or transmits cardholder data. It applies equally to manual processing and storage of cardholder information, as well as electronic methods of storage.
You may, for instance, be storing cardholder information (e.g. card receipts from terminals) in a way the standard does not allow.
PCI compliance is part of your merchant agreement with Card Saver and your acquiring bank for accepting card payments. All merchants need to be registered as PCI DSS compliant via their respective Data Security Policy.
Failing to complete your self-assessment, and therefore being non-compliant, will incur additional fees.
Levels of PCI Compliance
There are four different levels of PCI compliance. Each has its own specific requirements, and the level that applies to you depends on the number of payments you process each year:
- Level 1: your business processes over 6 million card transactions each year.
- Level 2: your business processes 1 million to 6 million card transactions each year.
- Level 3: your business processes 20,000 to 1 million e-commerce transactions each year.
- Level 4: your business processes fewer than 20,000 e-commerce transactions each year, or is any other merchant processing up to 1 million card transactions a year.
PCI Compliance checklist
To become compliant, you’ll need to meet a number of security requirements, sometimes called the PCI checklist. There are 12 requirements in total, but you may not need to comply with all of them, depending on the type and volume of transactions you process. The 12 requirements are:
- Install and maintain a firewall configuration to protect cardholder data.
- Don’t use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Protect all systems against malware and regularly update antivirus software or programs.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data by business need to know.
- Identify and authenticate access to system components.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security for all personnel.
Depending on your business, the self-assessment questionnaire can be up to 300 questions long.