For the e-commerce sector, security in payment processes is the most important point that businesses should focus on. When it comes to data security in the payment step, the first thing that comes to mind is the PCI-DSS Standard (Payment Card Industry Data Security Standards). In this article, we will cover in detail what the PCI-DSS Standard is and what it is used for.
What is PCI-DSS?
PCI-DSS Standard (“Standard”), which stands for “The Payment Card Industry Data Security Standard”, is a set of policies and procedures that aim to ensure card information in payment processes is processed, stored and transferred in accordance with established global security standards, and thus to protect card users. The Standard was established jointly by MasterCard, Visa, American Express, Discover and JCB International in 2004. In the following period, the PCI Security Standards Council (PCI SSC) was established as an independent body to manage these standards. Businesses need to adopt the Standard in order to provide confidence to the consumer and to protect payment transactions.

What is it used for?
PCI DSS standards set forth the rules that all businesses that collect, process and transfer card data must follow in order to manage these processes securely. Although it does not constitute any legal regulation, this Standard is a measure of reliability for all banks working with global card system organizations, service providers working with these banks and businesses. Therefore, if your business accepts payment by card, it must comply with the rules set forth by the Standard. Compliance with the Standard means that businesses must implement certain procedures when processing, storing and transmitting credit card data.

In order to be certified for the Standard, a business must know which level of the Standard it falls under. The level is determined by the number of annual card transactions, across four different levels:
- PCI Level 1: Businesses that process more than 6 million transactions per year
- PCI Level 2: Businesses that process 1 million to 6 million transactions per year
- PCI Level 3: Businesses that process 20,000 to 1 million transactions per year
- PCI Level 4: Businesses that process fewer than 20,000 transactions per year

After determining which level of the Standard applies to your business, you can learn the requirements of the PCI DSS Standard from the PCI SSC website. For more detailed information, you can review our blog post on the working principles of the PCI DSS standard.

The Standard, which is the highest security certificate in card storage processes, is published in new versions at certain intervals. As part of this process, businesses are required to renew their certificates by fulfilling the requirements of each new version. If you are receiving support from a payment service provider or payment orchestration platform for your card storage processes, they must meet the requirements under the Standard. For example, with the release of the new version, Craftgate has updated its PCI DSS Level-1 Certificate by completing the relevant requirements for the v.4.0 certificate. You can also contact us to offer your customers the convenience of paying with their stored cards by taking advantage of Craftgate’s highly secure card storage solution.