PCI Compliance

What You Need to Know

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements created by the Payment Card Industry to ensure that all merchants adopt consistent data security measures to protect cardholder data. PCI DSS applies to ALL organizations and merchants, regardless of size, that store, accept or transmit any payment card information. In addition, merchants must use payment applications that comply with the Payment Application Data Security Standard (a set of standards that all software vendors and developers must meet to ensure these applications do not store prohibited cardholder data, such as PINs), and must use approved PIN Transaction Security devices.

Payment Card Industry Data Security Standards (PCI DSS)

To satisfy the requirements of PCI, all merchants must complete a minimum set of requirements, including an annual self-assessment questionnaire. Some merchants, depending on their type and network environment, are also required to conduct quarterly network scans as required by the Card Associations.

Additionally, all merchants are expected to adhere to the 12 Steps of PCI Compliance at all times in order to protect cardholder data and safeguard their network environment from unauthorized access.

To learn more about the specific requirements by merchant level and the 12 steps for PCI compliance, please access the PCI Security Standards Council’s website.

Payment Application Data Security Standard (PA DSS)

The Payment Application Data Security Standard (PA DSS) is the program managed by the PCI Security Standards Council to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and to ensure their payment applications support compliance with PCI DSS.

PA DSS applies to software developers and integrators of applications that store, process or transmit payment cardholder data as part of authorization or settlement. It also applies to any payment application that is sold, distributed or licensed to third parties.

All merchants must use payment software that complies with the PA DSS. To learn more about PA DSS, please access the PCI Security Standards Council’s website.

To view the list of validated (approved) payment applications published by the PCI Security Standards Council, please click here.

Payment Card Industry PIN Transaction Security (PCI PTS)

The Payment Card Industry PIN Transaction Security (PCI PTS, formerly PCI PED) requirements focus on the protection of a cardholder’s PIN. All merchants must use approved PCI PTS PIN entry devices as defined by the PCI Security Standards Council. A list of approved PIN transaction devices can be accessed here.