
What is PCI DSS Compliance

Credit Card Data Security


Overview

PCI DSS is a set of standards that all businesses that transact via credit card must abide by.

Originally created by Visa, MasterCard, Discover, and American Express in 2004, the PCI DSS has evolved over the years to ensure that online sellers have the systems and processes in place to prevent a data breach.

The PCI Security Standards Council (PCI SSC) defines a series of specific Data Security Standards (DSS) that are relevant to all merchants, regardless of revenue and credit card transaction volumes.

Achieving and maintaining PCI compliance is the ongoing process an organization undertakes to ensure that it adheres to the security standards defined by the PCI SSC.

Do I need to ensure PCI compliance for my organization?

If you operate your own on-premise or self-hosted cloud commerce solution, then the short answer is yes.

Ecommerce PCI compliance is important whether you run a single brick-and-mortar retail location or you are a large organization selling goods across multiple stores and ecommerce sites. Anywhere that your credit card merchant account has been connected and integrated requires attention.

All credit card transaction volumes your organization processes are aggregated across multiple channels (i.e. in-store retail point-of-sale terminals and online payment gateways) and summed up to determine an appropriate PCI compliance level.

The security principle refers to protection of system resources against unauthorized access. Access controls help prevent potential system abuse, theft or unauthorized removal of data, misuse of software, and improper alteration or disclosure of information.

IT security tools such as network and web application firewalls (WAFs), two-factor authentication and intrusion detection are useful in preventing security breaches that can lead to unauthorized access to systems and data.

How Your Ecommerce Platform Affects Your PCI Compliance

You can acquire ecommerce software in different ways:

  • Buying commercial software to run on your on-premise hardware
  • Using open source software on your on-premise hardware (the Do-It-Yourself approach)
  • Signing up for hosted software delivered as a service (SaaS)

Each approach strikes a different balance between your costs, benefits and ecommerce PCI risks and workload. The table sums up the highlights, and the following sections discuss each option in more detail.

We are PCI DSS Compliant

View our PCI DSS certification
