The Payment Card Industry Data Security Standard (PCI-DSS) is an international security standard maintained by the PCI Security Standards Council, which was founded by Visa, Mastercard and the other major card brands. The card brands and their acquiring banks enforce it through their merchant agreements, with the aim of preventing card data breaches and the fraud that follows from them. It applies to any business that stores, processes or transmits cardholder data, however small the volume.
To comply, your business has to complete a self-assessment questionnaire (or, for the largest merchants, a formal assessment by a qualified assessor) and periodic reviews of how card payments are handled. The questionnaire is renewed annually, and some types of card handling also require quarterly vulnerability scans of the systems involved. Day to day, the standard requires defined processes to be followed, such as restricting who can see full card numbers, never storing the security code, and keeping the systems that touch card data patched and segregated, so that payment data stays protected.
PCI-DSS compliance is especially important for remote transactions through a virtual terminal, where a member of staff handles the customer's full card details for a one-off payment taken by phone or post, and for card-on-file transactions, where card details are saved for repeat payments authorised by the customer. In both cases the merchant's own staff and systems touch the card data, so far more of the business falls within the scope of the standard than when the customer enters the details themselves.
Online payments also require PCI-DSS compliance. How much of it falls on you depends on who handles the card details: if customers enter their card data on a page hosted by your payment provider, your own systems never see it and your obligations shrink to the simplest self-assessment, whereas if your website captures the card number itself, your web servers are in scope. Many of the biggest merchant service providers in the UK and US can assist in setting up this compliance, but it does usually cost a monthly fee, and they add non-compliance fees if the paperwork has not been completed in time.
Pay-as-you-go online payment systems like Square and SumUp, on the other hand, do not ask the merchant for separate PCI-DSS paperwork or charge compliance fees, because the provider's own systems handle the card data and the provider carries the compliance burden. You remain responsible for not taking card details outside the provider's system, for example by writing a card number down or typing it into an email, as doing so brings that data back into your own scope.