
Understanding PCI DSS

What is PCI DSS?

Payment Card Industry Data Security Standards (PCI-DSS) is a set of security standards developed by the major card brands (Visa®, MasterCard®, Discover®, American Express® and others) to help protect sensitive cardholder data. As a merchant who accepts credit cards, you are required to protect your customers’ data and follow the PCI-DSS to safeguard against the threat of a data breach.

Why does it exist?

The PCI-DSS is designed to protect cardholder data from a data breach.  A data breach can result in thousands of dollars in fines from banks and card brands who are looking to recoup losses suffered when payment cards are used fraudulently.  When cards are used fraudulently, cardholders are typically not held responsible for the fraudulent transactions, thus the banks and card brands seek to recover some of those losses.  There are often additional costs related to forensic investigations and card replacement.

From the perspective of the business owner, a publicized data breach can also cost the business long-term intangible value in the form of deteriorated trust and a tarnished reputation among customers, resulting in lost future sales.

Who owns PCI?

The PCI Security Standards Council (PCI-SSC) is an open global forum that develops, maintains, and manages the PCI-DSS. The PCI-SSC’s aim is to protect and educate industry players such as merchants, processors, software developers, financial institutions, and other organizations that store, process, and transmit cardholder data.

When does PCI DSS get updated?

The PCI SSC systematically reviews its rules and regulations to address ever-evolving security concerns and releases a new set of standards every three years. Starting on January 1, 2015, the standards will transition from the 2.0 cycle to the 3.0 cycle. The new standards in 3.0 have been released so that merchants, dealers, and developers have time to review and complete any necessary remediation before 3.0 goes into effect.

Where does PCI DSS apply?

PCI DSS is a global initiative.  The security standards apply worldwide, anywhere that payment cards are stored, processed or transmitted. If you process credit cards at your merchant location, PCI DSS applies to your business.

How should you approach PCI DSS?

Because compliance is required, you should learn about PCI DSS and consider using a self-service PCI DSS program. Many credit card processors, like Vantiv Integrated Payments, offer services that can help you comply with PCI DSS. Vantiv Integrated Payments offers the tools to achieve and maintain compliance quickly and easily through our Merchant SecureAssist® solution, offered in collaboration with the compliance and data security experts at Trustwave®.

The foregoing is provided for information purposes only, and is not legal advice. You should review your compliance obligations with your own legal or other advisors.

Visa, MasterCard, American Express, and Discover are registered marks belonging to one or more unaffiliated third parties that do not endorse or sponsor Vantiv Integrated Payments, LLC. 

Trustwave is a registered mark belonging to Trustwave Holdings, Inc; use of this solution requires your agreement to terms of use directly between yourself and Trustwave.  


