The Payment Card Industry Data Security Standard, PCI-DSS, is a security standard for businesses. It mandates compliance for any merchants who store, process or transmit credit card data, including cardholder information. It is supported by all major card brands and exists to reduce credit card fraud by ensuring organizations use secure IT systems and follow good business practices while handling credit card data.
Adherence to PCI-DSS is mandatory for organizations wishing to process any of the major payment card brands, and it requires an annual compliance assessment, either by an external PCI Qualified Security Assessor (QSA) or by self-assessment, depending on either the volume of transactions handled or the requirements of the merchant’s bank.
And, as all retailers know, compliance with PCI-DSS is vital. Failure to achieve formal compliance, or a card data breach, can result in substantial fines and ultimately the suspension of the merchant’s license.
On top of the obvious reputational damage, this would inevitably lead to the enforcement of additional security measures and a requirement for forensic audits, all of which incur significant cost to the business.