What is PCI Compliance?

The Payment Card Industry (PCI), which includes Visa, MasterCard, American Express and other leading card brands, requires service providers, banks and high-volume merchants to follow strict security guidelines, including:

  • Building and maintaining a secure network.
  • Protecting cardholder data.
  • Maintaining a vulnerability management program.
  • Implementing strong access control measures.
  • Regularly monitoring and testing networks.
  • Maintaining an information security policy.

Who does PCI Compliance apply to?

PCI DSS requirements apply to all organizations or merchants that accept, transmit or store any cardholder data.

What exactly is 'cardholder data'?

Cardholder data is any information that can personally identify or be associated with the cardholder, such as name, address and account number. All personally identifiable information associated with the cardholder that is stored, processed, or transmitted is also considered cardholder data.

What if I only accept credit cards over the phone? Does PCI still apply to me?

As mentioned above, any business that stores, processes or transmits cardholder data must be PCI compliant.

Where can I find the PCI Data Security Standards (PCI DSS)?

You can find them on the PCI SSC's Website using the link.