What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to ensure that all organisations that accept, process, store, or transmit credit card information maintain a secure environment.
PCI DSS was created by the Payment Card Industry Security Standards Council (PCI SSC), founded by American Express, Discover, JCB, Mastercard, and Visa. The standard applies to any organisation that handles cardholder data — regardless of size or transaction volume.
Key distinction:PCI DSS is not a law — it's a contractual requirement imposed by card brands through acquiring banks. Non-compliance can result in fines, increased transaction fees, or loss of card processing privileges.
The current version is PCI DSS v4.0.1, released in March 2022. It replaces v3.2.1 and introduced significant changes including the customised approach, targeted risk analysis requirements, and enhanced authentication mandates.