What is PCI DSS?


By Mariana Haddadin, Product Development.


 

Payment Card Industry Data Security Standard (PCI DSS) is an information security standard designed to protect against credit card fraud and numerous other security threats and vulnerabilities. Credit and debit card providers such as MasterCard, Visa, and American Express implement the mechanisms and security controls specified and suggested in PCI DSS. The standard was created to strengthen the protection of cardholder data after the major card breach of 2005, when 40 million cards were compromised.

 

Being PCI-DSS certified is an obligation and a requirement for any merchant, payment service provider, or technology that processes, stores and transmits cardholder data. The investment in becoming compliant with the PCI-DSS requirements pays back in the form of tangible and intangible benefits such as:


  • Security improvement – decrease the risk of security breaches

  • Better customer relationship

  • Avoidance of costly fines. The risk is much more costly than the cost to comply

  • Better company and corporate image

  • Business Sustainability


When organizations understand and weigh the benefits, being PCI-DSS compliant is not only a requirement but a necessity for sustaining a business, managing risk, and preventing fraud.

 

 

Why is it important for a Payment Service Provider to be PCI-DSS Compliant?


Payment Service Providers, by their nature, are critical for the processing of online payments and are considered a trusted partner in managing and completing a payment process. 


The latest e-Customer Service Index (eCSI) survey from IMRG revealed that more than half of online shoppers surveyed asked for better online security. Shoppers tend to look for and use secure payment methods rather than exposing their card details on each website they use.


Furthermore, online merchants are also aware of PCI DSS requirements and choose a Payment Service Provider with a PCI DSS compliant solution to shield them from having to undergo the certification themselves, a time- and resource-consuming process. In those scenarios, the Payment Service Provider handles the PCI DSS requirements of the online merchants and provides them with a simple, secure mechanism for capturing payments. For online merchants, there are many points to consider when choosing a payment gateway, but merchants will always choose a provider with the highest security to give them and their customers the assurances needed.


Being out of compliance, for both a merchant and a Payment Service Provider, can lead to serious security incidents and data breaches that could be both extremely costly and highly damaging to a brand.



Is PointCheckout PCI-DSS Compliant?


PointCheckout is certified as a PCI-DSS v3.2.1 compliant Payment Service Provider. As a processor of loyalty and reward payments, PointCheckout places customer data and security at the core of the company culture. Its role as custodian and protector of users' reward accounts, card data, and transaction details demands that the solution is both robust and secure, and that customer data is always properly encrypted, tracked, and monitored 24/7 using the latest available technology. Each new feature that gets added is scrutinized by the PointCheckout security and compliance team prior to being released.



Last Updated: July 28, 2019