Introduction to PCI DSS

What is PCI DSS?

PCI DSS (Payment Card Industry - Data Security Standard) is a security standard adopted by major payment card scheme providers (Mastercard, Visa, and American Express etc.), PCI DSS defines a set of technical and operational requirements that when implemented correctly, helps customers to maintain trust, protect their cardholder data and minimise the chances of a data breach resulting from processing cards payments.

 

Why is PCI DSS Important?

The importance of PCI DSS cannot be overstated in today's payment landscape. With threats on the rise, protecting sensitive payment data is paramount for businesses and customers alike. Compliance with PCI DSS not only helps mitigate the risk of data breaches but also builds trust with your customers by demonstrating your commitment to security.

 

Does PCI DSS also apply if I am processing offline/in-person payments?

Yes.

 

What does PCI DSS 4.0 mean for me?

PCI DSS applies to people, processes and technology that collect, store, process or transmit cardholder data, collectively these components can also be referred to as “Cardholder Data Environment” (CDE). In short: It depends on your setup. There are multiple requirements to PCI DSS Compliance depending if you are processing payments yourself or via a marketplace, depending on the type of integration you use, etc.

 

Although PCI DSS is not legally mandated, it is enforced globally and carries substantial penalties and costs for non-compliance. These financial consequences include non-compliance fees, legal expenses, and costs associated with forensic investigations, onsite QSA (Qualified Security Assessor) assessments, and security upgrades.

 

PCI DSS compliance is an ongoing process. Mollie customers processing card payments must validate their compliance annually by completing one of the official PCI Self-Assessment Questionnaire documents.

 

You can find more information about PCI DSS requirements in our guides: