PCI DSS (Payment Card Industry Data Security Standard) is an information security standard originally set up by the major card companies (Visa, MasterCard, American Express, Discover, and JCB). It is important because it provides a set of consistently revised guidelines that form a baseline for the security of consumer/cardholder data.
This means PCI standards help online businesses create a safe environment in which to process credit card transactions. Through strict adherence to these standards, a robust internal information security system can be created and customized to an online business’ specifications. The standards also help keep track of cardholder data’s journey from origin to storage, and help identify and prevent possible interruptions and the fraud that can follow them.
The risks of non-compliance include a breach of data security and the resulting loss of trust and reputation. Card companies can even impose hefty fines on non-compliant businesses conducting transactions through their service, which can be severely damaging for businesses whose scale leans towards the ‘smaller’ side of the spectrum.
Note that small merchants and service providers need only be compliant; they are not necessarily required to be explicitly validated for compliance with PCI standards.
PCI DSS was released to protect cardholder data and prevent credit card fraud. It is organized into 6 major steps, divided into 12 requirements, each with numerous subsections (over 300 in total).
Magento has a payment application/bridge that meets a specific PCI standard, the PA-DSS (Payment Application Data Security Standard). This standard is a stand-alone certification process offered by the standards council to eCommerce platforms and applications, and Magento’s payment application/bridge is PA-DSS certified.
Note that although Magento comes with a PA-DSS compliant application/payment bridge, this does not automatically make you PCI compliant, since a number of PCI controls and requirements lie outside the scope of the Magento platform (for example, your network, hosting environment, staff and processes).
Compliance with PCI DSS standards is rewarding in the long run: it keeps your cardholder data secure and fosters consumers’ trust in your online store. Despite criticisms that call the PCI standards “subjective to interpretation and implementation”, “expensive”, or “confusing”, the standard’s requirements should be undertaken and maintained continuously, not treated as a one-off exercise.