PCI DSS - Payment Card Industry Data Security Standard

Originally developed by MasterCard and Visa, the Payment Card Industry Data Security Standard (PCI DSS) is intended to reduce the risks to payment providers, merchants and their customers from card data security breaches. The PCI DSS standard is a contractual obligation that can be enforced by fines and restrictions. Compliance is a critical business issue for any merchant that holds card payment transaction data. Non-compliance with the correct PCI DSS standard can be costly and damaging, with an increased risk of data theft.

The latest PCI DSS standards require merchants to:

  • Build and maintain a secure I.T. network
  • Protect cardholder data
  • Maintain a vulnerability programme
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

The FIS Payment Gateway and our solutions for Cardholder Present and Card Not Present payment processing can reduce the scope of your cardholder data environment and annual or quarterly PCI DSS assessment. For further information about PCI DSS, please visit the Payment Card Industry website: www.pcisecuritystandards.org/merchants/

Merchant PCI DSS compliance requirements are dependent on the number of card transactions processed:

PCI DSS Level 1

Merchants who process over 6 million card transactions per annum (or merchants whose data has been compromised previously). Requirements: Annual onsite security audit and quarterly network security scan.

PCI DSS Level 2

Merchants who process 1 million to 6 million card transactions per annum. Requirements: Annual self-assessment and quarterly network scan.

PCI DSS Level 3

Merchants who process up to 1 million eCommerce card transactions per annum. Requirements: Annual self-assessment and quarterly network scan.

PCI DSS Level 4

Merchants who process up to 1 million card transactions per annum. Requirements: Annual self-assessment and an annual network scan.
