Information security is fundamental in a world of buyers and sellers conducting commerce anywhere, anytime, any way they choose.

Payment Card Industry Data Security Standard (PCI-DSS) - The Facts

The Payment Card Industry (PCI) Data Security Standard (DSS) is being introduced worldwide by MasterCard, Visa, JCB and American Express. The aim is to stamp out debit and credit card fraud within Merchants, by imposing strict security standards on how cardholder data is handled and kept. Failure to comply with PCI DSS and any subsequent breach of card data within a Merchant's site may result in substantial fines and potentially, the inability to accept card payments.

PCI DSS Background

*In response to member, merchant and service provider feedback regarding the need for stronger information security and a single approach to safeguarding sensitive data for all card brands, Visa and MasterCard have collaborated in creating common industry security requirements. The alignment of Visa's Account Information Security Programme (PCI DSS) and MasterCard's Site Data Protection (SDP) Programme has led to the formation of a worldwide standard for consumer data protection across the payment industry that is known as the Payment Card Industry (PCI) Data Security Standard. PCI DSS incorporates all Card Scheme Standards:

• MasterCard SDP (Site Data Protection) security certification
• Visa PCI DSS (Account Information Security)
• Visa CISP (Cardholder Information Security Program)
• American Express DSOP (Data Security Operating Policy)
• Discover DISC (Information Security and Compliance) Who does PCI apply to?

*It is required that all entities that participate in the card payment system i.e. those entities that process, store or transmit cardholder account and/or transaction information adhere to the requirements of the PCI DSS. This includes all acquirers, merchants, retailers, and payment service providers.

[* source: VISA EU]

Merchant Levels ->