Payment Service Provider for Deutsche Bank

PCI SECURITY

What is the Payment Card Industry Data Security Standard?

The PCI DSS represents a common set of industry standards or best practices that help ensure the safe handling of sensitive information. These standards were established by the top credit card brands: Mastercard, Visa, American Express, and Discover.

Why do merchants need to be PCI compliant?

PCI DSS is mandatory for all merchants and is a critical component in securing your customers’ payment card data and safeguarding your business. Compliance helps you create and maintain a positive image and enhance consumer confidence. Failure to comply can result in fines, cancelled accounts and reputational impacts to your business.

What if merchants only have a standalone POS terminal?

All merchants, regardless of size or POS solution, are required to achieve and maintain compliance with the PCI DSS. As part of this process, you will be aided by a Qualified Security Assessor (QSA) and, if using an IP connection, an Approved Scanning Vendor (ASV), and you will complete a self-assessment questionnaire and any required system vulnerability scanning.

How will the services of a QSA help merchants become compliant?

  • Verify all technical information given by the merchant or their service provider
  • Use independent judgment to confirm the standard has been met
  • Provide support and guidance during the compliance process
  • Review the work product that supports the PCI DSS requirements and security assessment procedures
  • Ensure adherence to the PCI DSS security assessment procedures
  • Validate the scope of the assessment
  • Select systems and system components where sampling is employed
  • Evaluate compensating controls
  • Produce the final report