In the term "PCI DSS compliance", PCI stands for Payment Card Industry and DSS for Data Security Standard. The Payment Card Industry Data Security Standard (PCI DSS) is published by the Payment Card Industry Security Standards Council (PCI SSC) to protect cardholder data from theft and misuse by online criminals. Compliance is required of any organization that stores, processes or transmits cardholder data, which includes ecommerce companies and any other business that accepts credit or debit card payments through its website.
It should be noted that the PCI SSC was founded in 2006 by the five major card brands, MasterCard Worldwide, Visa International, JCB, Discover Financial Services and American Express, to protect credit and debit card information against theft from the websites and systems that handle it. The standard is revised periodically; version 3.0 was the most recent release when this article was written, and later revisions (3.1, 3.2, 3.2.1 and 4.0) have since followed, so the current version should always be checked in the PCI SSC document library.
Some of the most important requirements that must be met under the Payment Card Industry Data Security Standard (PCI DSS) are given below:
- Cardholder data must be protected with strong cryptography while it is transmitted over open, public networks, which is exactly what happens when a site collects card details in a checkout form and passes them to a payment processor. Installing a certificate is not enough on its own: the original SSL (Secure Sockets Layer) protocols and early TLS have known weaknesses and the PCI SSC no longer accepts them as strong cryptography, so the site should serve TLS 1.2 or later with a correctly installed, currently valid certificate. The figures often quoted, a 2048-bit key and 256-bit encryption, are not numbers the standard itself mandates; PCI DSS refers to industry guidance for "strong cryptography", under which a 2048-bit RSA key and AES with at least a 128-bit key are the accepted minimums.
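The following is an added example, not code from the original article or from any PCI SSC publication. It shows what "strong cryptography in transit" looks like in practice on a Python server: a TLS context pinned to TLS 1.2 and above with forward-secret AEAD cipher suites, an audit function that reports anything weaker, and a key-size check based on the minimums the PCI DSS glossary lists as examples of strong cryptography. The cipher string, the `WEAK_ALGORITHMS` set and the function names are my own choices, not anything the standard prescribes.

```python
import ssl

# Key lengths the PCI DSS glossary gives as examples of "strong cryptography":
# AES 128 bits and up, RSA 2048 and up, ECC 224 and up, DSA/DH 2048 and up.
STRONG_CRYPTO_MIN_BITS = {"AES": 128, "RSA": 2048, "ECC": 224, "DSA": 2048, "DH": 2048}

# Algorithms treated as weak regardless of key length (assumption: this list is
# the author's shorthand for the NIST guidance PCI DSS points to, not a quote).
WEAK_ALGORITHMS = {"RC4", "DES", "MD5"}


def key_meets_minimum(algorithm, key_bits):
    """Return True if the algorithm/key length clears the strong-cryptography floor."""
    alg = algorithm.upper()
    if alg in WEAK_ALGORITHMS:
        return False
    minimum = STRONG_CRYPTO_MIN_BITS.get(alg)
    return minimum is not None and key_bits >= minimum


def hardened_tls_context(certfile=None, keyfile=None):
    """Server context: TLS 1.2 or later only, ECDHE key exchange, AEAD ciphers.

    A bare SSLContext would otherwise negotiate whatever the OpenSSL build allows,
    which on older builds still includes TLS 1.0/1.1 and CBC or 3DES suites.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Only forward-secret suites with authenticated encryption; 3DES is excluded
    # as a hardening choice even though triple-length TDES was still "strong"
    # under PCI DSS 3.x.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def audit_tls_context(ctx):
    """Return a list of findings for a context; an empty list means it passes."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(
            f"minimum protocol version is {ctx.minimum_version.name}; "
            "SSL and early TLS are not strong cryptography"
        )
    for cipher in ctx.get_ciphers():
        name = cipher["name"]
        if any(weak in name for weak in ("RC4", "DES", "NULL", "MD5", "EXPORT")):
            findings.append(f"weak cipher suite enabled: {name}")
    return findings


if __name__ == "__main__":
    ctx = hardened_tls_context()
    print("minimum version:", ctx.minimum_version.name)
    print("enabled suites:", [c["name"] for c in ctx.get_ciphers()])
    print("findings:", audit_tls_context(ctx))
    print("RSA-1024 acceptable?", key_meets_minimum("RSA", 1024))
```

Pass a real certificate and key to `hardened_tls_context()` and hand the context to `http.server` or any `ssl.wrap`-style API; the audit function is meant to run in a deployment test so that a context someone loosens later fails the build rather than the assessment.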
- The most consequential requirement for an ecommerce site is the restriction on storing cardholder data (Requirement 3). Contrary to a common reading, the standard does not forbid storing the card number (the PAN) outright, but it attaches strict conditions: the PAN must be rendered unreadable wherever it is stored (by truncation, tokenization, a keyed one-way hash or strong encryption with properly managed keys); when it is displayed, at most the first six and last four digits may be shown; and sensitive authentication data, meaning the security code (CVV2/CVC2/CID), full magnetic-stripe or chip track data and PINs, must never be stored after authorization, not even encrypted. The practical way most sites meet this is not to hold card numbers at all: the card details go directly to a payment gateway or a tokenizing subscription service such as Recurly or Authorize.net CIM, and the site keeps only the token the provider returns, along with the masked number. That keeps the full PAN out of the merchant's systems and shrinks the scope of the compliance assessment. A site that does store card numbers itself is bound by every one of the conditions above.
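As an added example, not code from the original article or from Recurly or Authorize.net, the block below shows the Requirement 3 handling a merchant-side service has to get right: strip sensitive authentication data from an authorization request before anything is persisted, keep only a masked PAN (first six, last four) and a token, and scan free text such as logs for card numbers that leaked anyway. The field names (`pan`, `cvv`, `track2`, and so on) are assumptions chosen for the example; in a real deployment the token comes from the payment gateway and the full PAN never reaches the merchant, so the HMAC used here is only a self-contained stand-in for that vault token.

```python
import hashlib
import hmac
import re

# Sensitive authentication data: must never be stored after authorization,
# in any form. Field names are assumptions for this example.
SAD_FIELDS = frozenset({"cvv", "cvv2", "cvc2", "cid", "track1", "track2", "pin", "pin_block"})

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes,
# not embedded in a longer digit run.
_PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits):
    """Luhn check digit test; filters out order numbers, timestamps and the like."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def normalize_pan(pan):
    """Drop the spaces and dashes people type into card-number fields."""
    return re.sub(r"[ -]", "", pan)


def mask_pan(pan):
    """Keep the first six and last four digits, the PCI DSS 3.x display maximum."""
    digits = normalize_pan(pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def tokenize_pan(pan, token_key):
    """Stand-in for a gateway token: a keyed one-way hash, so a leaked table of
    tokens cannot be turned back into card numbers (an unkeyed hash of a
    16-digit number could be brute-forced)."""
    return hmac.new(token_key, normalize_pan(pan).encode(), hashlib.sha256).hexdigest()


def prepare_for_storage(auth_request, token_key):
    """Return the only record the merchant should persist after authorization."""
    record = {k: v for k, v in auth_request.items() if k.lower() not in SAD_FIELDS}
    pan = record.pop("pan")  # the clear PAN itself is never written
    record["pan_masked"] = mask_pan(pan)
    record["pan_token"] = tokenize_pan(pan, token_key)
    return record


def find_pans(text):
    """Scan free text (application logs, CSV exports) for Luhn-valid card numbers."""
    found = []
    for match in _PAN_CANDIDATE.finditer(text):
        digits = normalize_pan(match.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


if __name__ == "__main__":
    # Constructed sample request using the public Visa test number.
    request = {
        "pan": "4111 1111 1111 1111",
        "expiry": "12/29",
        "cvv": "123",
        "track2": "4111111111111111=29121011234567890",
        "amount": "19.99",
    }
    key = b"constructed-example-key"  # assumption: a real key lives in a KMS/HSM
    print(prepare_for_storage(request, key))
    log_line = "INFO checkout order 1234567890123 card 4111-1111-1111-1111 amount 19.99"
    print("PANs leaked into log:", find_pans(log_line))
```

The scanner is the part worth wiring into a pipeline: running `find_pans` over log shipping output or database dumps is a cheap way to catch the debug statement that printed a card number, which is how most sites fail this requirement rather than through the payment path itself.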