
What is PCI DSS compliance?


Question

What does it mean to be PCI DSS compliant? PCI DSS Certificate.

Answer


PCI DSS (PCI Data Security Standard) arose from a collaboration among the Visa, MasterCard, Amex, Discover and JCB card brands, which united to combat online scamming. The goal of PCI DSS is to create a fraud-free environment for merchants and for cardholders who want to make their purchases online.

What are the security policies of PCI DSS?

PCI DSS regulations affect all merchants that process, transmit or store card data. Security policies affect the following credit card payment methods:

  • Face-to-face payments through PIN pads, mobile PIN pads and smartphones.
  • Non-face-to-face payments made via virtual POS terminals integrated into websites, MOTO, recurring and mobile payments.

The security policies that PCI DSS applies to businesses are the following:

If the merchant processes payments through a non-face-to-face virtual POS and, for commercial purposes, wants to store its clients' credit card information, it needs maximum security on its server, software and sales procedure.

Steps to achieve PCI DSS certification

  • Know the structure of the online store to see where the card information will be stored.
  • Detect irregularities in the process of payment and storage of cards.
  • Audit the detected irregularities and the procedures to resolve them.
  • Schedule regular audits and vulnerability scans every 3 months.
  • If a merchant is not obliged to certify its virtual POS with PCI, it will have to fill in a questionnaire listing all the vulnerabilities of the terminal and proceed to resolve them. When the merchant wants to certify its virtual POS with PCI, it will have to provide the information necessary to verify the non-face-to-face payment method implemented on the website.
  • If PCI does not find any vulnerability on the merchant's server, the merchant will get certified; otherwise, the vulnerabilities will have to be corrected before it can store its customers' card data.
  • If the commercial activity of a merchant supports a face-to-face payment method (PIN pad), it will have to fill in the questionnaire for face-to-face payments and adapt the software to the PCI DSS security regulations. The goal is to avoid the dreaded card cloning.

How can I certify my terminal with PCI DSS?

To certify your terminal with PCI DSS, please check the official list of qualified PCI certifiers. In this list you will find all certification companies, by country and language.


