PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) is a security standard for protecting credit card data that all companies processing, storing, or transmitting card data must comply with.

PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) is a security standard established by the five major card networks (Visa, Mastercard, AMEX, Discover, JCB). It defines mandatory requirements for all businesses that process, store, or transmit credit card data.

The standard comprises 12 main requirements in six areas: network security, data protection, vulnerability management, access control, monitoring, and security policies. Compliance is verified through annual audits or self-assessments (SAQs).

For most online merchants, using a PCI DSS-certified PSP significantly reduces their own compliance effort: when card data is processed via a hosted checkout or a tokenised payment form, the sensitive data never directly touches the merchant's system.

PCI DSS Examples

An online shop uses the hosted checkout of its PSP. Card data is never stored on the shop server — the PCI DSS compliance effort is minimal.

A large retailer processes card data in its own system and must pass an annual PCI DSS audit by a Qualified Security Assessor (QSA).

A PSP tokenises card data: instead of the real card number, a token is stored, which is worthless to fraudsters.

PCI DSS FAQ

What is PCI DSS?

PCI DSS is the security standard of the credit card industry. It defines requirements for all companies that process, store, or transmit credit card data — to protect against data loss and fraud.

Do I as a merchant have to comply with PCI DSS?

Yes, in principle, every merchant that accepts card payments must comply with PCI DSS. However, for most online merchants, the effort is greatly reduced if they use a PCI DSS-certified PSP with hosted checkout.

What is tokenisation in the context of PCI DSS?

Tokenisation replaces the real card number with a token — a random value that is worthless to fraudsters. The token can be used for subsequent transactions without the need to store the real card details.
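To make concrete what a vault-style tokeniser does, here is an added Python illustration; it is not code from this page or from any particular PSP, and the vault class, the token format and the test card number are assumptions. The token is drawn from a CSPRNG rather than derived from the card number, so holding the token reveals nothing about the PAN, and only the vault (the PSP side, which stays in PCI DSS scope) can map it back.

```python
import secrets


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, the well-formedness check every card number passes."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def masked(pan: str) -> str:
    """The only form of the PAN a merchant system keeps for display:
    last four digits, everything else blanked out."""
    return "*" * (len(pan) - 4) + pan[-4:]


class TokenVault:
    """Hypothetical vault-style tokeniser (assumption, not a real PSP API).
    Tokens are random and carry no information about the PAN; the mapping
    exists only inside the vault."""

    def __init__(self):
        self._pan_by_token = {}
        self._token_by_pan = {}

    def tokenise(self, pan: str) -> str:
        digits = pan.replace(" ", "")
        if not (13 <= len(digits) <= 19 and digits.isdigit() and luhn_valid(digits)):
            raise ValueError("not a well-formed card number")
        if digits in self._token_by_pan:        # same card -> same token, so recurring
            return self._token_by_pan[digits]   # payments work without storing the PAN
        token = "tok_" + secrets.token_hex(12)  # random, not derived from the PAN
        while token in self._pan_by_token:      # collision is astronomically unlikely
            token = "tok_" + secrets.token_hex(12)
        self._pan_by_token[token] = digits
        self._token_by_pan[digits] = token
        return token

    def detokenise(self, token: str) -> str:
        """Only the vault can turn a token back into a PAN."""
        return self._pan_by_token[token]


TEST_PAN = "4111 1111 1111 1111"   # constructed: published test number, not a real card
```

Note that the vault itself, and any system that can call detokenise, remains fully in scope; tokenisation shrinks the scope, it does not remove it.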

What happens in the event of a PCI DSS violation?

Violations can lead to fines from the card networks, increased transaction fees, the loss of card acceptance and, in the worst case, liability claims in the event of data loss.