'PCI' stands for Payment Card Industry and 'DSS' stands Data Security Standard which is a set of security requirements for companies involved in the payment process of accepting, transferring or even storing card information.

The Payment Card Industry Data Security Standard (PCI DSS) consists of security protocols set in place to make sure all companies accepting, processing, storing or transmitting card information operate in a safe and secure environment.

The Payment Card Industry Security Standards Council (PCI SSC) started on September 7th, 2006 to take-up incorporating changes to the PCI security protocols, with an aim to keep improving payment account security of the transaction process. The PCI SSC, consisting of major card networks (Visa, MasterCard, American Express, Discover and JCB) manages the PCI DSS.

Who does PCI DSS apply to?

The PCI DSS applies to any company; no matter where it’s located, its size, or the number of transactions it processes. If the company is involved in the payment process of accepting, transferring or storing card information, these rules apply. Failure to comply with the PCI DSS rules results in paying a fine to even losing permission to accept cards for your business.

Is PCI compliance necessary for debit card transactions?

Yes. Any credit, debit and prepaid cards that carry any of the five-card networks’ brands, namely Visa, MasterCard, American Express, Discover and JCB, require PCI compliance.

Download Guide

Additional Reads

If you’re curious to know more about PCI compliance and get into its nuances, here are some references:

Learn more about Chargebee’s PCI compliance
Deep dive into PCI compliance here.

Get the scoop on what's new

Credit Card Data Portability?

Head back to Resources homepage for more