Nearly all businesses today accept credit and debit cards as a form of payment.
Because sensitive data is collected in connection with these payments, the payment
card industry has developed a comprehensive standard to help ensure the security of
cardholder account data. This standard is known as the Payment Card Industry Data
Security Standard or "PCI DSS," and is managed by the PCI Security Standards Council.
The PCI DSS applies to all businesses that store, process or transmit cardholder data,
and is enforced by the founding members of the PCI Security Standards Council —
Visa Inc., American Express, Discover Financial Services, JCB International, and

Ask your merchant bank or third-party payment processor to assist you in determining how your
business can best comply with the PCI DSS. Data security requirements may vary depending on the
type of payment card processing device used, the sophistication level of your payment systems,
and the cardholder information you collect and store. For example, businesses that use only
imprint machines or standalone dial-out terminals — and do not electronically store
cardholder data — need only comply with a subset of the PCI DSS requirements. Businesses
using payment systems connected to the Internet or integrated payment applications (i.e.,
PC-based software applications) must ensure these systems are protected against computer-based