PCI DSS is an acronym that pops up often in the payments landscape. It stands for “Payment Card Industry Data Security Standard” and describes the compliance requirements a business must meet to transmit, store, handle or accept credit/debit card data. It is usually referred to as PCI for short.
The term PCI DSS stands for “Payment Card Industry Data Security Standard” and is a set of security standards used to protect end-consumer credit card data and businesses from fraud.
All organizations, regardless of size and transaction volume, that accept, transmit or store credit, debit or prepaid card data from the major card networks (American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc) must comply with the PCI standard.
PCI compliance is required for any business that transmits, stores, processes or accepts credit card data. It doesn't matter how big your business is or how many or few transactions you process. Compliance with the PCI standard must be ensured either by the merchant itself or by the third-party payment processor.
PCI DSS was introduced in 2004. As payment fraud increased, credit card industry leaders decided to develop common security standards. The founding members of PCI (American Express, Discover Financial Services, JCB International, Mastercard and Visa) developed PCI DSS, and on December 15, 2004, the standard became mandatory for credit card data storage.
PCI compliance has been mandatory for businesses that transmit, store, or handle credit card data since December 15, 2004.
If required for business purposes, a PCI DSS compliant business may store the cardholder's name, primary account number (PAN), expiration date, and service code.