What is PCI DSS and who needs to comply?
Consumers are becoming increasingly aware of the dangers of identity theft, and PCI compliance shows you have secure procedures in place that keep their payment information safe. The Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements that all businesses that handle credit or debit card payments must comply with. It provides business best practice guidelines to establish a "minimum security standard".
The PCI Security Standards require all merchants, regardless of size or number of transactions, that accept, store, transmit or process any cardholder data to comply with PCI DSS. For the majority of merchants, the requirements are an annual PCI Self-Assessment Questionnaire and a quarterly network scan.
PCI compliance handled by PayPal
With Website Payments Standard, Online Invoicing, Express Checkout and Website Payments Pro Hosted, PayPal handles the payment card information on your behalf and so greatly eases the burden of PCI compliance.
Did you integrate the Website Payments Pro API directly with PayPal?
Get in touch with us to discuss your options, or register with our partner Trustwave, who can set you up with a PCI compliance solution.
How PCI DSS can help your business:
- Identify risks in the way you store or transmit customer data
- Set a clear path of action to address any data security risks
- Make sure your service providers do not put your data security at risk
- Show your customers that you take data security seriously
How PCI DSS can help you avoid problems:
- Reduce the risk of liabilities such as the cost of any fraud on compromised card accounts
- Avoid the legal and investigation costs of a security breach, which can be substantial
- Protect your reputation and build trust with your customers
- Prevent disruption to your business
What happens if my business doesn't comply?
From a PayPal perspective, your Website Payments Pro account may be limited and eventually suspended. You can also be fined by the card schemes (MasterCard, Visa, etc.) when a data breach occurs.