What YOU Need to Know About PCI DSS

September 12, 2022

As economies shift to cashless and contactless payments, protecting cardholder data matters more every year. The U.S. Federal Trade Commission (FTC) reported a 44% rise in credit card fraud reports between 2019 and 2020, and a further 70% rise in 2021.

That growth demands a matching level of preparedness from businesses. No organization can rule out being attacked, but adopting the controls laid out in the Payment Card Industry Data Security Standard (PCI DSS) reduces both the likelihood of a breach and the damage one can do.

What is PCI DSS?

PCI DSS, often just called the PCI standard, is a set of security requirements for any organization that stores, processes or transmits cardholder data. Version 1.0 was released in December 2004 by Visa, MasterCard, Discover, American Express and JCB International, which in 2006 founded the Payment Card Industry Security Standards Council (PCI SSC) to maintain it.

The standard is organized into 12 requirements, and every organization that accepts payment cards must meet all of them. How compliance is validated depends on the merchant's transaction volume, as tiered by each card brand: the highest-volume merchants undergo an annual on-site assessment by a Qualified Security Assessor (QSA) that produces a Report on Compliance (ROC), while smaller merchants complete a Self-Assessment Questionnaire (SAQ). In either case the results, together with an Attestation of Compliance (AOC), are reported to the merchant's acquiring bank.

PCI SSC published PCI DSS version 4.0 on March 31, 2022, to address emerging threats and to allow more flexible, outcome-based controls. The previous version, 3.2.1, remains valid alongside it until March 31, 2024, after which it is retired.

Who needs to be PCI compliant?

If you accept, handle, store or transmit cardholder data, PCI DSS applies to you. There are no exemptions based on the size of the organization or the number of transactions; volume only determines how you validate compliance, not whether you must comply.

Cardholder data means the primary account number (PAN), on its own or together with the cardholder name, expiration date and service code, for credit, debit and prepaid cards alike. Sensitive authentication data (full track data, the CAV2/CVC2/CVV2/CID security code, and PINs or PIN blocks) is protected even more strictly and may not be stored after authorization, even if encrypted. Whether cards are accepted online, in store, over the phone or in an app, that data is in scope.

Outsourcing payments to a third-party gateway or processor reduces your scope but does not remove your obligations. The merchant remains responsible for the parts of the payment flow it still controls (for example, the web page that redirects customers to the gateway), must still validate compliance, typically with a reduced questionnaire such as SAQ A, and must confirm that each service provider is itself PCI DSS compliant.


Why should businesses comply with PCI DSS?

PCI DSS is not a law, and the PCI SSC itself has no power to fine anyone. Compliance is nevertheless mandatory for any business that processes credit or debit card transactions, because it is written into the contract between the merchant, its acquiring bank and the card brands; some U.S. states also reference it in statute. Here are a few reasons to maintain compliance with the standard, and what non-compliance costs:

Gain customer trust

A current Attestation of Compliance, which is what validated PCI DSS compliance actually produces (there is no formal "PCI certificate"), shows customers and partners that you have adopted adequate measures to protect their credit, debit and prepaid card data.

Lower legal exposure

A business that suffers a breach while out of compliance faces lawsuits from affected cardholders and issuing banks, regulatory action, and the cost of the forensic investigation the card brands require after a suspected compromise. Demonstrable compliance at the time of the incident is the strongest defense against those claims.

Fewer successful attacks

The controls PCI DSS requires, such as encryption of stored PANs and of card data sent over public networks, multi-factor authentication for access to the cardholder data environment, vulnerability management, and logging and monitoring, reduce both the chance that an attack succeeds and the amount of data an attacker can reach if one does. Compliance does not guarantee you will not be attacked, but it removes the easy wins attackers look for.

Hefty fines

Non-compliance can be fined. The card brands do not publish a fee schedule, but commonly cited figures range from $5,000 to $100,000 per month, scaled to the merchant's transaction volume and to how many violations there are and how long they persist.

Higher bank charges and loss of card acceptance

The card brands levy penalties on the acquiring bank, which passes them on to the merchant. The bank can also raise your per-transaction fees, require additional assessments at your expense, and, for persistent non-compliance or after a breach, terminate your merchant account and with it your ability to accept card payments at all.

