What is PCI DSS?

Payment card industry Data Security Standard (PCI DSS) is a set of security standards intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.

It was launched on September 7, 2006 to manage PCI security standards and improve account security throughout the transaction process. The PCI DSS is administered and managed by the PCI Security Standards Council, an independent body that was created by major payment card brands such as Visa, MasterCard, American Express, Discovery and JCB. The payment brands and acquirers are responsible for enforcing PCI compliance. 

The 12 requirements for PCI DSS compliance are:

  1. Use and maintenance of firewalls
  2. Proper password protections
  3. Protect cardholder data
  4. Encrypt transmitted data
  5. Use and maintain anti-virus software
  6. Properly update software
  7. Restrict data access
  8. Unique individual IDs for data access
  9. Restrict physical access to data
  10. Create and maintain access logs
  11. Scan and test for vulnerabilities
  12. Document policies

Non-compliance can lead to fines, legal penalties, loss of business and loss of reputation. PCI aims to increase security for customers by creating a standard set of guidelines that any company that accepts, stores, or transmits credit card information, regardless of number of transactions or size of transactions, must comply with to do business.