Payment Card Industry Data Security Standard
What is the PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is an industry-wide compliance requirement created for anyone who stores, processes or transmits payment card data (such as accepting credit card payments). The PCI DSS was created in collaboration with the different payment card brands: American Express, Discover, JCB, MasterCard and Visa. The requirements are designed to reduce payment card compromises and data theft by helping you secure your sensitive information and reduce your vulnerability to attacks.
What are my requirements?
As a merchant who stores, processes or transmits payment card data, you are required to be PCI DSS compliant by the payment brands and your merchant bank. To achieve PCI DSS compliance, you need to complete:
1. An annual Self-Assessment Questionnaire (SAQ) to determine if you are taking the proper precautions to protect your payment card data, similar to an insurance questionnaire, and
2. Quarterly security scans if your systems are connected to the Internet. The scans look for weaknesses that an attacker might use to access your systems. A PCI-certified Approved Scanning Vendor (ASV), such as 403 Labs, must conduct these scans.
Failure to comply with the PCI DSS can result in data breaches and fines. You may also lose the ability to accept payment cards.