Payment Card Industry Data Security Standard (PCI DSS) is designed to promote consumer data security, reduce the chance of data breaches, and maintain a secure environment within the payment industry.
All businesses accepting or processing payments must meet the minimum standards set by the card-issuing companies.
- The PCI standards are dictated by the card brands (Visa, Mastercard, etc.) but administered by the Payment Card Industry Security Standards Council.
- PCI applies to all payment channels, including card-present, mail/telephone order, e-commerce, in-app, etc.
What do I need to know about PCI compliance?
- PCI DSS applies to any organization, regardless of business size or transaction volume, that accepts, transmits or stores any credit card information.
- Businesses fall into one of four merchant levels based on their annual Visa or Mastercard transaction volume over a 12-month period. Although the thresholds vary from card brand to card brand, these are the approximate thresholds and their equivalent merchant level:
- Level 1: Businesses processing over 6 million card transactions per year.
- Level 2: Businesses processing 1 to 6 million transactions per year.
- Level 3: Businesses handling 20,000 to 1 million transactions per year.
- Level 4: Businesses handling fewer than 20,000 transactions per year.
- If you are a Level 1, 2 or 3 merchant, you must provide the minimum validation documentation every year.
- If you are a Level 4 merchant, compliance with PCI DSS is still required, but annual validation of that compliance is optional.
Good to know:
- Bambora completes quarterly network scans and is subject to annual on-site security assessments to ensure compliance is maintained.
- Failure to complete, pass and provide your compliance validation documentation within 90 days of your annual validation/revalidation due date may result in PCI DSS non-compliance fines.