What is PCI compliance? A Payment Card Industry Data Security Standard (PCI DSS) guide


It would take almost ten years for the world to recognise that, as the internet was evolving in the late 1990s, so was online payment fraud.

Consequently, credit card industry leaders developed a set of payment security standards. In December 2004, American Express, Discover Financial Services, JCB International, Mastercard, and Visa teamed up to introduce PCI DSS 1.0.

Fast forward to today, and card fraudsters and network hackers have to contend with the far more advanced PCI DSS version 4.0.

Don’t allow your business to become complacent, though. Even industry-leading POS systems are still at risk of a card data security breach, so it’s best to take precautions and become PCI compliant. In late 2020, Forbes reported on two payment terminal manufacturing giants who had unintentionally made stealing customer credit card data easier.

These days an independent body created by the founding members of PCI DSS, the PCI Security Standards Council (PCI SSC), manages and administers PCI DSS. In this quick read, we’ll explore what PCI is, its business benefits, the implications of not adhering to it, and how staying compliant can build customer confidence.




What is PCI DSS compliance? 

Payment Card Industry Data Security Standard, or PCI DSS, is a data security standard that protects transactions made with cash or with branded debit and credit cards from the major providers.

How does PCI DSS protect my customers?

It protects purchasers against misuse of their payment and personal information. Complying with PCI DSS is also likely to build trust between you and your customers, because they know your business conforms to a globally recognised information security standard, which makes their data less likely to be breached.

“Data breaches risk heavy penalties under the Regulation: up to €20 million or 4% of annual global turnover – whichever is greater.”

IT Governance

How does PCI DSS protect my business? 

PCI DSS can help your organisation in so many ways. It ensures that you are accepting, storing, and processing payment data in the most secure way possible. It can also help you, or the payment organisations you work with, to prepare for and defend against network attacks by hackers looking to harvest card data. 

Aside from protection, it may also boost your brand’s reputation. Putting customer safety first is an attractive feature in any business, after all. 

Why do PCI DSS and security matter?


Over the years, PCI DSS has continued to develop its guidelines to better protect merchants and consumers from credit card data theft.

PCI DSS compliance should be a top priority for you as a merchant, as securing the customer payment process can lead to an uptake in successful customer sales.

Is PCI compliance required by law? 


No, PCI DSS compliance is a regulatory standard, not a law. 

However, the legal ramifications and financial penalties for not complying with the standard, especially in the event of a data breach, can be weighty. 

IT Governance reports that, under the EU’s GDPR, non-compliant companies face “up to €20 million or 4% of [your business’] annual global turnover – whichever is greater” if theft or a network breach takes place.

What happens if my business is not PCI compliant? Does my business need to be PCI compliant?

If a business is not PCI DSS compliant, it is liable for any fraud that takes place in its organization. Merchants could end up paying thousands in fines if there is a breach in security, and risk losing consumer loyalty.

Additional liabilities may include: 

  • Fines upwards of $100,000.00 per month until the merchant is compliant 
  • All fraud losses from the compromised accounts
  • Credit monitoring fees, lawsuits, and more from state and federal governments
  • Costs to reissue stolen cards
  • Costs for future prevention measures 
  • And more…

PCI DSS provides detailed guidelines for merchants to make the compliance process manageable and successful. To begin with, merchants have to complete an annual PCI self-assessment questionnaire.

Your level of responsibility will be dependent upon the gross number of Visa, Mastercard or Discover transactions processed within your merchant account. 

Questions for the assessment can include: What do you do with receipts? Do you store card data in any way – and if so, is it written on paper or stored electronically? Other questions establish the appropriate level for the merchant. Typically, a payment processing advisor is assigned to the merchant to assist with any questions or concerns.

What are PCI requirements?

Following the PCI DSS requirements helps instil customer confidence when they pay for your services.

There are 12 official PCI DSS requirements. We have condensed these into the six points listed below.

Condensed PCI Security Requirements

1. Build and maintain a secure network utilizing a firewall and thoughtful passwords

2. Protect cardholder data in a safe place, encrypt data across open networks

3. Incorporate anti-virus software and develop secure systems to protect against vulnerabilities

4. Only allow limited, trusted parties to access cardholder data, assign unique IDs for individuals with access, and restrict physical access to data

5. Implement regular system and network tests, and change passwords frequently

6. Establish a security policy for employees and partners

Which PCI level applies to my business?


The type of PCI compliance you engage with depends solely on how many transactions you process. 

You’ll then know whether you need to comply with Level 1, 2, 3 or 4 of PCI DSS compliance. This applies whether you are an online retailer or have a physical storefront. We take a closer look at the different levels below.

PCI compliance levels

Level 1 PCI compliance
  Applicable if you process: over 6 million card transactions annually
  Action to be taken: an external auditor must conduct a business assessment

Level 2 PCI compliance
  Applicable if you process: 1 to 6 million transactions annually
  Action to be taken: complete a self-assessment questionnaire (SAQ)

Level 3 PCI compliance
  Applicable if you process: 20,000 to 1 million transactions annually
  Action to be taken: complete a self-assessment questionnaire (SAQ)

Level 4 PCI compliance
  Applicable if you process: less than 20,000 transactions annually
  Action to be taken: complete a self-assessment questionnaire (SAQ)

If your business is completing more than six million transactions a year, an external auditor must conduct a business assessment. This is to support the business, offer guidance, and see how well it is meeting the PCI compliance standards. The auditor then submits a Report on Compliance (RoC).

PCI DSS myths debunked

The PCI Security Standards Council has put together a fantastic list of myths about PCI DSS that tend to deter businesses. A popular one is that it’s too hard to set up. Beyond that, we’ve referenced other myths below, so you can quash industry gossip and become PCI compliant without any doubts.

(Slide deck of 17 images, each stating one myth. The responses to the myths are as follows.)

Slide 2: If your customers use cash, or a credit or debit card to pay for your services, you should be PCI DSS compliant.

Slide 3: False! PCI applies to all businesses who require payment.

Slide 4: Not true. You need to comply with the full criteria.

Slide 5: You need to protect all customer payment related data.

Slide 6: This is false; you need to be compliant regardless of business size.

Slide 7: Nope, completely untrue…

Slide 8: Very bad idea. Your business will be open to extra penalties if you wait for this, or any other signal that you need to comply.

Slide 9: False.

Slide 10: Wildly inaccurate and potentially illegal if you store customer data without consent. As a merchant you should not store:

Slide 11: Not true.

Slide 12: It is your responsibility to ensure your business is PCI DSS compliant; don’t leave it up to another business, or to chance.

Slide 13: PCI compliance affects every area of the business, because the financial penalties you may receive if you don’t comply will mean every area of your business loses money.

Slide 14: To an extent, yes, but it’s not hacker-proof.

Slide 15: Untrue.

Slide 16: You may need an external auditor, but this depends on the number of transactions you process per year. So the answer is: maybe, depending on your business.

Slide 17: See myth #9.

What is the relationship between PCI DSS and EMV compliance? 


PCI DSS is a set of security standards implemented alongside EMV technology, while EMV itself is incorporated to prevent fraud. Read our full guide: What is EMV?

Final thoughts

While PCI compliance allows merchants the opportunity to take the right steps to protect their business and customers from fraud, it is not hacker-proof. Business owners should be mindful to look for other security layers that protect customer data. 

Looking at years past, the most problematic areas merchants have with requirements include security system processes and testing, security policies and management, and maintaining secure systems. 

In the end, business owners must take action and must think towards the future. As a society, our digital footprint is in its infancy and as technology evolves, so must security to protect merchants and consumers. Solutions can make a world of difference when smart processes and strategies are implemented in conjunction. 
