Nearly half of all American adults — approximately 127 million people — have had a fraudulent charge on their credit or debit cards.

In 2004, the Payment Card Industry Data Security Standard (PCI DSS) was created as an internationally uniform standard to make card transactions more secure for both businesses and their customers. Today, it is well regarded and the industry standard to secure confidential card data from fraud or theft and build trust with customers. 

Any organization that accepts, handles, stores, transmits, or could impact the security of card payment information will understand the importance of these objectives, especially if they’re trying to grow their business.

In this overview for beginners, we’ve broken down the PCI DSS framework into clear-cut fundamentals so you can quickly and easily understand whether you need to be compliant. 

You’ll learn everything you need to know about PCI DSS, including why it was created, how it applies to your business and customers, the benefits of compliance, and the consequences of non-compliance.

What is PCI DSS compliance?

What is PCI DSS and is compliance mandatory? Find answers to common questions around this framework.

Who Does PCI DSS Apply to?

Does PCI DSS apply to organizations that accept card payment data? What about processing or transmitting card payment data? Find out whether PCI applies to your business.

What are the Benefits of PCI DSS Compliance?

Is PCI DSS compliance worth the time and effort? Discover the many benefits of PCI DSS compliance for growing companies.

What are the Potential PCI DSS Fines and Penalities?

Understand the penalties for non-compliance, which can include fines, legal penalties, loss of business, and loss of reputation.


Depending on what PCI level your business falls under, you’ll need to complete a Report on Compliance (RoC) or a self-assessment questionnaire (SAQ). Learn more about these types of reporting documentation.