PCI DSS - all companies that hold, process or manage credit or debit card payments are subject to the rules and standards of The Payment Card Industry Data Security Standard (PCI DSS)

​

PCI DSS is a proprietary information security standard for organisation that handle branded credit  or payment cards from the major card schemes including Visa, MasterCard, American Express, Discover and JCB.

​

The PCI standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.  The standard was created to increase controls around cardholder data to reduce credit card fraud.  Validation of compliance is performed annually, either by and external Qualified Security Assessor (QSA) that creates a Report on Compliance (ROC) for organisations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

​

Failure to comply with PCI DSS can attract a range of sanctions including fines and ultimately the withdraw of authority to use payment cards.

​

For more information visit their website.

​

​

​

​

​