What is PCI DSS?

The PCI DSS (Payment Card Industry Data Security Standard) is a mandatory standard consisting of a set of security requirements. By meeting them, every business that processes, stores or transmits card data creates a secure environment in which card transactions can be carried out safely.

The PCI Security Standards Council (PCI SSC), an independent body formed by Visa, MasterCard, American Express, Discover, and JCB, is responsible for creating and maintaining PCI DSS. The first version of PCI DSS was released on September 7, 2006, to manage PCI security standards and improve user security throughout the transaction process.

Businesses are responsible for their own compliance with the PCI standard, the PCI council is responsible for managing the security standards, and compliance with the PCI Security Standards is enforced by the credit card companies and banks.

Under the PCI DSS standard, any business that processes, stores, or transmits credit card data must comply with the standard. The specifications also apply to software developers and manufacturers of applications and devices used in such transactions.

The 12 requirements of PCI DSS

The PCI DSS specifications are broken down into 12 key sections.

  • Installation and maintenance of a firewall configuration
  • Not using vendor-supplied default passwords and settings
  • Protection of stored cardholder data
  • Encryption of cardholder data transmitted over public networks
  • Use and regular updating of antivirus software
  • Development and maintenance of secure systems and applications
  • Restriction of access to cardholder data
  • Assignment of a unique ID to every user
  • Restriction of physical access to cardholder data
  • Logging and monitoring of all access to network resources and cardholder data
  • Regular testing of security systems and processes
  • Maintenance of an information security policy

How are you categorized according to PCI DSS?

Merchants

Merchants are businesses that accept credit card numbers in payment for their own goods or services, typically through a service provider: for example, a hotel that uses booking.com to receive reservations with the customer's card details and its bank to complete the transaction.


Service Providers

Service providers are businesses that do not accept credit cards for sales of their own, but handle card payments on behalf of third parties as a service to merchants. Typical service providers include PayPal and Booking.com.


How much does it cost?

Want to know how much your certification costs?

Why is PCI DSS important?

Card issuers constantly monitor and respond to breaches of account data. A security breach and loss of credit card data have far-reaching consequences for your business, including:

  • Financial sanctions and fines
  • Damage to the company's reputation
  • Sales drop due to inability to accept cards
  • Legal implications under PSD2, which now obliges businesses to financially protect their customers
  • Temporary or permanent loss of the ability to accept credit cards
  • Increased compliance costs, since a breached business is automatically upgraded to Level 1

Do you want to know the type and cost of your certification?

Cost calculation tool

With the easy-to-use certification type selection tool you can calculate the type and annual cost of your certification.
