
Why PCI DSS?

The PCI DSS is an important standard for any organisation storing, processing or transmitting credit card data. The standard has been created to assist in ensuring that sensitive customer data remains secure at all times, and its main focus is on ensuring the security of all systems that have access to this sensitive information.

The PCI DSS was developed by the major credit card companies to assist merchants in preventing credit card fraud, and to improve security around processing and storing credit card details.

"PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted. If a PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply."

Any ecommerce merchant whose systems access cardholder data through any of the above-mentioned methods must be PCI DSS compliant. The number of ecommerce transactions processed annually determines which processes the merchant must undertake to ensure compliance. These processes include a Self-Assessment Questionnaire, an External Vulnerability Scan, and/or an Onsite Review by an external Qualified Security Assessor (QSA).

Processes for Relevant Merchants

| Level | Level 1 | Level 2 | Level 3 | Level 4 |
|---|---|---|---|---|
| Description | More than 6 Million Transactions per Annum | Between 1 Million and 6 Million Transactions per Annum | Between 20,000 and 1 Million Transactions per Annum | Below 20,000 Transactions per Annum |
| Annual Self-Assessment Questionnaire | Optional | Required | Required | Required |
| Quarterly External Vulnerability Scan | Required | Required | Required | Required |
| Annual Onsite Review | Required | Optional | Optional | Optional |

For more information on the PCI DSS, please visit the Payment Card Industry Security Standards Council.