The PCI DSS is the Payment Card Industry Data Security Standard.
Here, Payment Card Industry refers to companies handling payment card data belonging to one of the 5 payment card brands: American Express, Discover, JCB, Mastercard, and Visa. In the mid-2000s these 5 companies formed the PCI Security Standards Council to oversee development of a common security standard to which everyone in the payment card space would be subject.
The PCI DSS is the security standard which is developed and maintained by the PCI Security Standards Council. All companies which handle debit or credit card data belonging to one of these 5 card brands are required to comply with the requirements in the PCI DSS to ensure the security of that card data.
The current version of the PCI DSS is v3.2.1, which was released in May 2018. You can download the current version of the standard from the PCI Council website.
Who must comply with the PCI DSS?
All companies handling payment card data are required to comply with the PCI DSS. However, what’s involved in demonstrating that compliance depends on a couple of factors:
- What kind of company you are: a Merchant or a Service Provider.
- How many payment card transactions your business handles per year.
Companies are categorized into different levels; a breakdown of the different merchant levels and service provider levels by card brand is available.