PCI DSS compliance is mandatory for organisations that store, process or transmit cardholder data as part of their merchant agreement with their acquiring bank. In addition, adhering to PCI DSS is a way of keeping your organisation’s and your customers’ information safe from abuse. It could even help show that you comply with other regulations such as the General Data Protection Regulation (GDPR).
The Payment Card Industry Data Security Standard or PCI DSS is a set of information security requirements designed to reduce payment card fraud and is applicable to any organisation that stores, processes or transmits cardholder data. PCI DSS is a global standard. The PCI Security Standards Council released PCI DSS v3.2 in April 2016. Failure to demonstrate compliance can result in severe restrictions being placed on organisations by the card issuers, including the ultimate sanction of withdrawal of card authorisation facilities. PCI requirements are set by the PCI Security Standards Council and their applicability is based on how an organisation stores, processes or transmits payment card data.
For all organisations that have to be PCI DSS compliant, it is not an insignificant challenge. Designing, implementing and managing more than 300 requirements across your Cardholder Data Environment is difficult to achieve given everyday business constraints: legacy platforms, multiple service providers, staff shortages, business growth and constant change.