Empay, the world’s first contactless instant credit lifestyle payment ecosystem, launched in Dubai

PCI DSS- A quick guide

When it comes to security regarding online payments, one must have stumbled upon this term at some point or the other. What does PCI DSS stand for and why is it important to comply with it? PCI DSS stands for Payment Card Industry Data Security Standard and speaking generally, it is a collaboration between all the top end credit card companies in the World. Any business or organization that is intending to store, process or transmit a cardholder’s data should mandatorily comply with the PCI regulations. These regulations function on four levels, depending on the sheer number of transactions that are processed, debit/credit card wise by the company or business. In order to become PCI-DSS compliant, companies have to adhere to the six objectives laid out by them, namely- maintain a secure network, protect the cardholder data, maintain a vulnerability management program, strong control measures, maintain an information security policy and regularly monitor the networks. The four strata of the PCI-DSS is what determines how a company can remain compliant with PCI-DSS. Let’s take a look at these levels specifically. On level one we have the merchants who process more than six million real-world credit or debit card transactions annually, level two applies to merchants who process between one and six million transactions, level three corresponds to merchants who process annually between 20,000 and one million e-commerce transactions and level four Applies to merchants who process annually fewer than 20,000 e-commerce transactions or those who process up to one million real-world transactions. Now, the assessment on each of these levels are also different. Starting with level 1 where the maximum transactions occur, a detailed process exists where an authorized PCI Qualified Security Assessor will conduct an annual internal audit and an on-site evaluation. On level 2 security testing on hosts and applications is conducted on a regular basis while in level 3 and level 4, only a yearly assessment is required.

Basically, a PCI-DSS standard ensures trustworthiness amongst the customers and when businesses fall short of adhering to it, strict penalties are to be faced and the payment accepting ability may be even prevented for them.