PCI DSS is an acronym that pops up often in the payments landscape. It stands for “Payment Card Industry Data Security Standard” and is the term used to describe the necessary compliance to transmit, store, handle or accept credit/debit card data. It is usually referred to as PCI for short.
PCI compliance is a requirement that credit card companies ask businesses to meet if they accept online credit card transactions. It helps to secure and protect cardholders against payment fraud. The PCI Compliance Security Standard Council requires any merchant that wants to process, store or transmit credit card data to be PCI compliant.
PCI compliance is required for any business that transmits, stores, processes or accepts credit card data. It doesn't matter how big your business is or how many or few transactions you process. Compliance with the PCI standard must be ensured either by the merchant itself or by the third-party payment processor.
PCI DSS was introduced in 2004. As payment fraud increased, credit card industry leaders decided to develop common security standards. The founding members of PCI - American Express, Discover Financial Services, JCB International, Mastercard and Visa - developed PCI DSS, and on December 15, 2004, the standard became mandatory for credit card data storage.
PCI compliance has been mandatory for businesses that transmit, store, or handle credit card data since December 15, 2004.
If required for business purposes, a PCI DSS compliant business is able to store the cardholder's name, primary account number (PAN), expiration date, and service code.