Text size Increase Font-SizeDecrease Font-SizeReset Font-Size

Welcome to the PCI Security
Standards Council's
resources for merchants!

This is where you will find what you need to know about the PCI Security Standards. You can also find out why and how to become compliant with PCI Security Standards, and how to make use of the information and services the Council offers to merchants worldwide.

From the world's largest corporations to small Internet stores, compliance with the PCI Data Security Standard (PCI DSS) is vital for all merchants who accept credit cards, online or offline, because nothing is more important than keeping your customer’s payment card data secure. The size of your business will determine the specific compliance requirements that must be met. Note that enforcement of merchant compliance is managed by the individual payment brands and not by the Council – the same is true for non-compliance penalties.

The Council is here to help merchants through maintaining and enhancing the PCI Security Standards, providing education and training about protecting payment card data with the PCI Security Standards, and by serving as a forum for engaging with the industry on developing these standards. Our FAQs hold a wealth of information – to save yourself time, be sure to check there first when you have specific questions.

Protecting Cardholder Data Is Good For Your Business

  • Information Supplements
    Documents related to the security framework of the Payment Card Industry Data Security Standard (PCI DSS)

How do you comply with the PCI DSS?
It's a matter of following the 12 requirements in the standard, working with your acquiring bank and using the tools offered through the Council. Remember that PCI DSS compliance is an ongoing process, not a one-time event. You'll need to continuously assess your operations, fix any vulnerabilities that are identified, and make the required reports to the acquiring bank and card brands you do business with.

Details are available here.
What does PCI DSS compliance mean?
In security terms, it means that your business adheres to the PCI DSS requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. In operational terms, it means that you are playing your role to make sure your customers' payment card data is being kept safe throughout every transaction, and that they – and you – can have confidence that they're protected against the pain and cost of data breaches.

The PCI Data Security Standard represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information. Initially created by aligning Visa's Account Information Security (AIS)/Cardholder Information Security (CISP) programs with MasterCard's Site Data Protection (SDP) program, the standard provides an actionable framework for developing a robust account data security process - including preventing, detecting and reacting to security incidents. The updated version, version 1.1, developed by the founding members of the PCI Security Standards Council, became effective with the launch of the PCI Security Standards Council.
Compliance with data security standards can bring major benefits to businesses of all sizes, while failure to comply can have serious and long-term negative consequences. Learn More
The PCI Security Standards Council encourages all businesses that store payment account data to comply with the PCI DSS to help lower the brand and financial risks associated with account payment data compromises. The PCI Security Standards Council does not manage compliance programs and does not impose any consequences for non-compliance. Individual payment brands, however, may have their own compliance initiatives, including financial or operational consequences to certain businesses that are not compliant.
No, the PCI Security Standards Council does not replace the individual brands' compliance programs. The individual participating payment brands separately determine what entities must be compliant, including any brand-specific enforcement programs.
If you are a merchant that accepts payment cards, you are required to be compliant with the PCI Data Security Standard. You can find out your exact compliance requirements only from your payment brand or acquirer. However, before you take action, you may want to obtain background information and a general understanding of what you will need to do from the information and links here.

Back to Top

The PCI Security Standards Council (the "Council") provides a variety of tools, questionnaires, guidance, FAQs, training resources and other materials and information to assist organizations seeking to achieve compliance with its standards (the "Standards"). Third party products and services are also available, but the Council does not endorse or recommend any such third party products or services, and advises all organizations seeking to achieve compliance to become familiar with the Standards and related requirements before purchasing third party products or services. Ultimately, all applicable requirements must be met in order to achieve compliance, regardless of whether or what third party products or services are used.