The Payment Card Industry Data Security Standard (PCI DSS) is administered by the PCI Security Standards Council (PCI SSC) to decrease payment card fraud across the Internet and increase payment card data security. Organisations that accept, store, transmit or process cardholder data must comply with the PCI DSS.
If you are a merchant, the PCI DSS applies to you. Even if you have subcontracted all PCI DSS activities to a third party, you are still responsible for ensuring all contracted parties are compliant with the Standard.
“If your website or company is not PCI compliant, you run the risk of losing your merchant account, which means you won’t be able to accept credit card payments at all.”
The Standard requires all applicable merchants and member service providers (MSPs) involved in the storage, processing or transmission of cardholder data to:
- Build and maintain a secure IT network;
- Protect cardholder data;
- Maintain a vulnerability management programme;
- Implement strong access control measures;
- Regularly monitor and test networks;
- Maintain an information security policy.