Overview

Every business that handles credit card transactions must abide by the Payment Card Industry Data Security standards - known as PCI DSS.

Created by Visa, MasterCard, Discover and American Express in 2004, the PCI DSS has evolved over the years to ensure that online sellers have the systems and processes in place to prevent a data breach.

The PCI Security Standards Council (PCI SSC) defines a series of specific Data Security Standards (DSS) that are relevant to all merchants, regardless of revenue and credit card transaction volumes.

By achieving and maintaining PCI compliance, organizations ensure they are adhering to the security standards defined by the PCI SSC.

Do you need to ensure PCI Compliance for your organization?

If you operate your own on-premise or self-hosted cloud commerce solution, then the short answer is, yes.

Ecommerce PCI compliance is important whether you run a single brick-and-mortar retail location or you are a large organization selling goods across multiple stores and ecommerce sites. Anywhere that your credit card merchant account has been connected and integrated requires attention.

All credit card transaction volumes your organization processes are aggregated across multiple channels (i.e. in retail point-of-sale terminals and online payment gateways) and summed up to determine an appropriate PCI compliance level.

The security principle refers to protection of system resources against unauthorized access. Access controls help prevent potential system abuse, theft or unauthorized removal of data, misuse of software, and improper alteration or disclosure of information.

IT security tools such as network and web application firewalls (WAFs), two-factor authentication and intrusion detection are useful in preventing security breaches that can lead to unauthorized access of systems and data.