Data security

Payment Card Industry Data Security Standard (PCI DSS)

All merchants that accept card payments and service providers that could impact the security of the cardholder data environment must comply with the security requirements defined in the Payment Card Industry Data Security Standard (PCI DSS).

The terms of the Concardis acceptance agreement state that a merchant is required to be PCI DSS compliant at all times and to provide appropriate documentation upon request.

This information is intended to provide technical and organizational guidance in accordance with the relevant requirements and the Acceptance Agreement.

What is PCI DSS all about?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of technical and operational requirements aimed at securing the payment system in general, and card data protection in particular, against global security threats.

It was developed by the Payment Card Industry Security Standards Council (PCI SSC) - a global forum of industry stakeholders supported by the leading payment brands. The goal is to combat increasing card data theft and subsequent fraudulent use of stolen card data, address related evolving industry risks including financial liability for all parties involved, and prevent loss of consumer confidence.

PCI DSS is the framework for security best practices to protect merchants, cardholders and industry stakeholders, adapting to evolving threats and supporting secure payments worldwide.

Broadly speaking, PCI DSS is about protecting card data and building trust with cardholders as the foundation for our industry ecosystem.