What do I need to know about PCI compliance?

Payment Card Industry Data Security Standard (PCI DSS) is designed to promote consumer data security, reduce the chance of data breaches, and maintain a secure environment within the payment industry.

All businesses accepting or processing payments must meet the minimum standards set by the card-issuing companies.

Must know:

  • The PCI standards are dictated by the card brands (Visa, Mastercard, etc.) but administered by the Payment Card Industry Security Standards Council.
  • PCI applies to all payment channels, including card-present, mail/telephone order, e-commerce, in-app, etc.

  • PCI DSS applies to any organization, regardless of business size or transaction volume, that accepts, transmits or stores any credit card information.
  • Businesses fall into one of four merchant levels based on their annual Visa or Mastercard transaction volume over a 12-month period. Although the thresholds may vary from card brand to card brand, these are the approximate thresholds and their equivalent merchant level:
    • Level 1: Businesses processing over 6 million card transactions per year.
    • Level 2: Businesses processing 1 to 6 million transactions per year.
    • Level 3: Businesses handling 20,000 to 1 million transactions per year.
    • Level 4: Businesses handling fewer than 20,000 transactions per year.
  • For all levels, compliance with PCI DSS is required, as well as annual validation.

Good to know:

  • Worldline completes quarterly network scans and is subject to annual on-site security assessments to ensure compliance is maintained.
  • Failure to complete, pass and provide your compliance validation documentation within 90 days of your annual validation/revalidation due date may result in PCI DSS non-compliance fines.