PCI-DSS Compliance

The Payment Card Industry Data Security Standard (PCI-DSS) is a global information security standard for protecting cardholder data, developed by the Payment Card Industry Security Standards Council (PCI-SSC).

The standard was created to help companies that accept card payments prevent credit card fraud by imposing tighter controls on cardholder data and on how it can be exposed to compromise.

PCI-DSS began as five separate programs: the JCB Data Security Program, Discover Information Security and Compliance, the American Express Data Security Operating Policy, MasterCard Site Data Protection, and the Visa Cardholder Information Security Program. Each of the card companies involved had a similar, nearly unified goal: to provide an extra level of security for customers by ensuring that merchants meet minimum levels of protection whenever they transmit, process, or store cardholder data.

PCI-DSS applies to every company that transmits, stores, or processes cardholder data from any card bearing the logo of one of these card brands.

The standard is maintained by the PCI-SSC, which also maintains several other standards and security requirements, such as the PA-DSS (Payment Application Data Security Standard) and PCI-PED (Payment Card Industry PIN Entry Device) requirements.

Compliance can be validated externally or internally, depending on the volume of transactions the enterprise handles.

As a rule of thumb, the larger the transaction volume, the stricter the compliance requirements imposed by these multinational card brands.

It is recommended that you scan your site for the categories of vulnerabilities covered by PCI-DSS.

Fix every vulnerability and issue found before you hire a PCI consultant to audit your site for compliance.

If you fail the PCI compliance assessment on the first run, repeating the assessment can be costly.