Recently, electronic money has become more and more common and is gradually replacing paper banknotes. It is hard to imagine a modern person who does not have several plastic payment cards in his or her wallet.

Plastic payment cards are very convenient to use but, unfortunately, not always safe. And the more people that use such a convenient means of payment, the more urgent the question of money security in their card accounts. No one wants to lose their money.

To be able to guarantee the safety of their customers’ funds, companies such as Visa and MasterCard require merchants and various service providers that accept payments from customers through these payment systems to comply with the PCI DSS. This applies not only to large or large-scale corporations. Smaller businesses must also comply with this standard.

So what is the PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a data security standard for the payment card industry. It was developed by the Payment Card Industry Security Standards Council (PCI SSC), founded by international payment systems such as Visa, MasterCard, American Express, JCB and Discover.

The PCI DSS is a set of requirements to ensure the security of cardholder data stored, transmitted and processed in business information infrastructures. The standard comprises 12 precise and detailed requirements. Let’s list all of them!

PCI DSS requirements:
1. Network security.
2. Modification of IT infrastructure components.
3. Protection of stored data about cardholders.
4. Protection of transmitted data about cardholders.
5. Antivirus protection of IT infrastructure.
6. IS development and support.
7. Managing access to cardholder data.
8. Authentication mechanisms.
9. Physical protection of IT infrastructure.
10. IS management.
11. Event and action logging.
12. Monitoring of IT infrastructure security.

There is a misconception that the PCI DSS certification is a formality, which is easy to pass. This is simply not true. To comply with the standard, a company must apply a comprehensive approach to the information security of payment card data.

The key purpose of the PCI DSS is to ensure network infrastructure security and protect the stored data on payment cardholders, as these are the most vulnerable areas that directly threaten the loss of confidentiality and money.

PCI DSS regulates the rules of payment system operation as well as the procedures for their development and monitoring.

The PCI DSS focuses on the following aspects:
- Protection of cardholder data.
- Building and maintaining a secure network.
- Use of strict access control measures.
- Vulnerability management.
- Regular network monitoring and testing.
- Development of information security policy.

Which businesses are subject to the requirements of this standard?

The PCI DSS requirements apply to merchants, banks, various service providers, retail stores, call centers, payment gateways and other businesses and organizations which process, transmit and store cardholder data.

How can you determine if your company needs to comply with PCI DSS requirements?

If your company stores, processes or transmits payment card data and your business processes may affect the security of those cards, you need to get certified to comply with the PCI DSS.

Most business managers, directors and top executives have a misconception that the PCI DSS is only necessary for banks or huge retailers.

If your company stores, processes or transmits information about at least one card transaction or cardholder during the year, it is vital for you to comply with the PCI DSS.

It is also important to remember that international payment systems impose penalties on all companies that are required to undergo annual certification for compliance with the PCI DSS, but do not.

What does a company receive from a PCI DSS audit?

The benefits of passing a PCI DSS audit:

1. Compliance with the requirements of international payment systems.
2. Reduced risks from the potential disclosure of confidential information.
3. A better public reputation and stable position on the market.
4. Increased credibility and, accordingly, sales.

The only conclusion is that a company’s compliance with the PCI DSS is crucial in the business world!