Is your eStore required to be PCI DSS compliant?


The Payment Card Industry Data Security Standard (PCI DSS), introduced by the leading card brands (Visa, AMEX, Mastercard, JCB and Discover), defines a set of technical and operational requirements designed to ensure that anyone who stores, processes or transmits cardholder data maintains a secure environment. In other words, PCI DSS compliance helps ensure that the transactions carried out on your eStore site are as secure as possible.


The security of electronic transactions and the PCI DSS standard

Cardholder data is, at a minimum, the full Primary Account Number (PAN). It also includes the cardholder name, expiration date and service code when any of these are stored, processed or transmitted together with the PAN.

The PAN is the determining factor in the applicability of PCI DSS. The requirements apply if a PAN is stored, processed or transmitted; if a PAN is not stored, processed or transmitted, the PCI DSS requirements do not apply.

It is important to clarify that storage of the data is not the only criterion; transmission counts as well. This means that if card data merely passes through your systems, even if you do nothing with it yourself, you will need to comply with PCI DSS, unless the data is encrypted before it enters your network, stays encrypted until it leaves it, and you have no access to the decryption keys. A PAN that is only displayed on screen, or that lands in a web server log or a database backup, still puts those systems in scope.

The security of electronic transactions and the PCI DSS standard (2)

Another important point is that PCI DSS applies irrespective of how many transactions you process. The transaction volume only determines your merchant level, and therefore how you are assessed: lower levels complete a Self-Assessment Questionnaire (SAQ), while the highest level requires an annual on-site assessment by a Qualified Security Assessor (QSA).

PCI DSS by itself is not a law but a contractual requirement imposed by the card brands through your agreement with your acquiring bank. Merchants that do not comply may, should a breach occur, be subject to fines, card replacement costs, costly forensic investigations, brand damage and so on. For a modest upfront effort and cost, compliance with PCI DSS greatly reduces your risk of facing these unpleasant and expensive consequences.

For those who wish to be compliant and also want the highest level of security (both for your customers and to protect yourself from fines), using a PCI DSS compliant payment gateway to process payments is your best option (e.g. PayPal, Realex, etc.). Redirecting the customer to the gateway's hosted payment page, or embedding it in an iframe, keeps the PAN from ever touching your own servers. Note that this reduces your scope but does not remove it entirely: a merchant that fully outsources payment handling still has to complete the simplest questionnaire (SAQ A) and must keep the pages that send customers to the gateway from being tampered with.