PCI DSS Compliance
May 8, 2025
Processing Credit Card Transactions
What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a comprehensive set of security standards to ensure that companies handling credit card information maintain a secure environment. Developed to safeguard card information and mitigate fraud, PCI DSS encompasses requirements for security management, policies, procedures, network architecture, software design, and other crucial protective measures.
Compliance with PCI DSS is obligatory for all organizations that process, store, or transmit credit card data.
The PCI DSS standard consists of 12 core requirements grouped into six categories that together define a secure payment processing environment. Businesses must review these requirements to determine their level of compliance.
Establishing a Secure Network Infrastructure
- Deploying and Maintaining Firewall Configurations
- Avoiding Default System Parameters
Safeguarding Cardholder Data
- Securing Stored Data
- Encrypting Data Transmission
Implementing Effective Vulnerability Management
- Defending Against Malware
- Ensuring Secure Systems and Applications
Enforcing Access Control Measures
- Restricting Data Access Based on Business Needs
- Verifying System Component Access
Monitoring and Testing Network Security
- Tracking Access and Activity
- Regular Security Testing
Establishing Information Security Policies
- Formulating Personnel Security Guidelines
Merchant Obligations
As a merchant, you must comply with PCI DSS requirements according to your merchant level. This level is determined by your total transaction volume over 12 months:
Level 4 Merchant
Processing fewer than 20,000 credit card e-commerce transactions annually, or handling up to 1 million transactions annually.
Requirements
- Self-Assessment Questionnaire
- Attestation of Compliance
- Proof of a quarterly network scan by an Approved Scan Vendor
Level 3 Merchant
Processing 20,000 to 1 million e-commerce credit card transactions annually.
Requirements
- Self-Assessment Questionnaire
- Attestation of Compliance
- Proof of a quarterly network scan by an Approved Scan Vendor
Level 2 Merchant
Processing 1 to 6 million credit card transactions annually.
Requirements
- Self-Assessment Questionnaire
- Attestation of Compliance
- Proof of a quarterly network scan by an Approved Scan Vendor
Level 1 Merchant
Processing over 6 million credit card transactions annually.
Requirements
- File a Report on Compliance by a Qualified Security Assessor or Internal Auditor
- Submit an Attestation of Compliance Form
- Proof of a quarterly network scan by an Approved Scan Vendor