PCI DSS FAQ

What does PCI DSS stand for?

PCI DSS stands for Payment Card Industry Data Security Standard.

Who created the PCI DSS standard?

The PCI DSS was created in 2006 by the PCI Security Standards Council, which was formed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc., to reduce credit card fraud.

Who enforces the PCI standard?

The Council makes the rules but relies upon card issuers such as Barclaycard to enforce them.

Do I have to be PCI DSS accredited to sell online?

The PCI DSS is designed to reduce fraud throughout the payment process, whether the transaction takes place in a shop or online. Retailers, or merchants as they are called, are divided into 4 tiers. Tier 1 merchants are those that carry out the most transactions, and Tier 4 merchants those that carry out the least. Tier 4 merchants can often self-certify; you can find out more from the PCI website or from your bank.

Is there a deadline for compliance?

There is no specific deadline, but your acquiring bank (the bank that provides you with the ability to take customers' card details) will expect you to work towards compliance. It can subject you to fines or increased transaction charges if it feels you are not making sufficient progress towards accreditation.

If I use a PCI DSS service provider, will I be compliant?

The hosting environment in which you choose to locate your database and website servers is just one part of PCI compliance. There will be many processes, policies and procedures for which you must take responsibility. A PCI approved service provider can help you work towards compliance, but your organisation must take responsibility for overall compliance.

How much will it cost?

This is a difficult question to answer. It depends upon whether you are a Tier 1 or a Tier 4 merchant and how much of your business is within scope. You can speak to a QSA like CNS or your acquiring bank to find out more.

What happens if I am not compliant?

Your acquiring bank may start to levy regular fines until you begin working towards compliance, or alternatively it could increase your transaction charges.