Glossary

July 07, 2021

PCI DSS

PCI DSS stands for "Payment Card Industry Data Security Standard", and lays out the requirements that need to be met to transmit, store, handle or accept credit/debit card data.

What is PCI DSS compliance?

The term PCI DSS defines a number of requirements that need to be met in order to transmit, store, handle and accept credit card data. Depending on the scope, their are different levels of PCI DSS with different requirements. PCI DSS compliance is established through a certification process carried out by an independent auditor or via a self-assessment questionnaire (SAQ), depending on the scope. Merchants who do not store credit card details themselves, but instead use a third party vault, typically only require a SAQ.

Who does PCI DSS apply to?

All organizations, regardless of size and transaction volume that accept, transmit or store credit, debit or prepaid card data from the major card networks (American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc) must comply with the PCI DSS requirements.

When is PCI compliance required?

PCI DSS compliance is required by any business that transmits, stores, processes or accepts credit card data. There are various levels of compliance requirements, that depend on what data is stored and the transaction volume.

When did PCI DSS requirements come into effect?

PCI DSS was introduced in 2004. As payment fraud increased, credit card industry leaders decided to develop common security standards. The founding members of PCI - American Express, Discover Financial Services, JCB International, Mastercard and Visa - developed PCI DSS, which became mandatory from 15 December 2004.

When is PCI compliance mandatory?

PCI compliance has been mandatory for business that transmit, store, or handle credit card data since 15 December 2004.

What data can be stored?

If certified at the appropriate level and required for business purposes, the cardholder's name, PAN, expiration date and service code can be stored. Outsourcing the storage of sensitive payment data to a third party vault allows merchants to reduce their PCI DSS scope and thus qualify for a lower level of certification. Lower levels have less stringent requirements, and merchants who do not store any sensitive payment data themselves may be able to complete a self-assessment questionnaire. Businesses like IXOPAY who store credit card details need to undergo regular recertification and audits by an independent party.

Further Information:

News

March 24, 2021

3-D Secure Now and Then

How does 3DSv2 improve the consumer experience?

News

May 20, 2021

IXOPAY in "Who’s Who in Payments" Report

Read what The Paypers writes about leading payment orchestration provider IXOPAY

News

March 25, 2021

IXOPAY Featured in the RPGC Vendor Report

See how IXOPAY compares in an independent vendor report

Partner	Name	Description	Duration
IXOPAY GmbH	cookiesConsent	Cookie Banner. Stores your cookie settings.	12 Months
IXOPAY GmbH	_fm	User centric security cookie to detect authentication abuses. Filters out computer/bot generated Website requests.	30 Minutes
Google Ireland Limited	reCAPTCHA	User centric security cookie to detect if a human being or a computer is making a specific entry in our contact or newsletter form.	6 Months
Cloudflare Inc.	cf_clearance	Used by Cloudflare (Website Security Network) to identify trusted web traffic, and protect our website against malicious activity (see Cloudflare's Cookie Informations).	30 minutes

Partner	Name	Description	Duration
Google Ireland Limited	_ga	Analytical cookie set by the service Google Analytics used to distinguish visitors. Collects data about number of visits and user journey.	2 years
Google Ireland Limited	_gid	Analytical cookie set by the service Google Analytics used to distinguish visitors. Collects data about number of visits and user journey.	24 h
Google Ireland Limited	_gat_ua-keynumber	Analytical cookie set by the service Google Analytics used to throttle the request rate, limiting the collection of data on Websites with high traffic.	Session
Google Ireland Limited	_ga_container-id	Cookie set by the service Google Analytics 4. The cookie is used to persist session state.	12 month
Microsoft Ireland Operations Limited	Clarity	Analytical service capturing your interactions on the Website such as how the page has rendered and what interactions you had on the Website (surfing behavior: mouse movements, clicks, scrolls). Microsoft collects or receives personal data from us to provide Microsoft Advertising (see Microsoft Privacy Statements). Sensitive content such as passwords, usernames, and user input are masked before sending to Microsoft.	12 months
Dealfront Group GmbH	_lfa	Analytical service that collects the visitor IP address to detect corporate visits and their geographic location. Leadfeeder only shows company visits, automatically filtering out all users visiting from residential IP addresses. All visit data is aggregated Dealfront Group GmbH / Analytical service that collects the visitor IP address to detect corporate visits and their geographic location. Dealfront only shows company visits, automatically filtering out all users visiting from residential IP addresses. All visitor data is aggregated on the company level (no reference to natural persons). Via a connection to Google Analytics, Dealfront shows company visitors' interactions on the Website (pages viewed, visitor source and duration of session). Dealfront also enriches that company data with contact data for individuals from publicly available data sources (eg. LinkedIn).	24 months

Partner	Name	Description	Duration
Google Ireland Limited	_gcl_au	Conversion-cookie set by the service Google Ads for assessing advertisement efficiency across our Websites and on websites of our marketing- & advertising partners.	3 months
Google Ireland Limited	_gac_gb_container-id	Cookie which connects Google Analytics und Google Ads. Google Ads website conversion tags will read this cookie.	90 days
Microsoft Ireland Operations Limited	Universal Event Tracking (UET)	Conversion-cookie set by the service Microsoft Advertising for assessing advertisement efficiency across our Websites and on websites of our marketing- & advertising partners. In general, the cookie in the relevant domain and your IP address are passed to Microsoft with every http request and not just via UET.	13 months