
tl;dr for what PCI-DSS compliance is

What’s PCI-DSS? tl;dr it!

PCI-DSS stands for Payment Card Industry Data Security Standard.

PCI is a council (the PCI Security Standards Council) formed by the credit card companies (e.g., Visa, Mastercard, Discover, American Express) to create common security standards for everyone handling cards to adhere to. The standards cover how credit card information and PII (Personally Identifiable Information) are stored and handled.

You either select a vendor that processes credit cards for you and adheres to the PCI-DSS standards, or you meet the standards yourself in order to run cards.

If the merchant you use fails its annual PCI-DSS ROC (Report On Compliance), it can't process credit cards, and you'll have to go somewhere else.

Anyone going for PCI-DSS compliance needs a qualified PCI QSA (Qualified Security Assessor; list found here): an assessor/auditor who signs off on your compliance after going through the template with you.

That assessor is also periodically assessed and has to maintain an active certification to keep doing so.

The PCI-DSS security standards are excellent controls and good guiding standards.

It gets deeper with levels (1-4), depending on how many transactions you process, but that's PCI in a nutshell.