Who needs the PCI DSS certificate?
Payment systems such as Visa and MasterCard require merchants and service providers that accept payments through their networks to comply with the PCI DSS standard, so that there is assurance that their customers' funds are protected.
There is a misconception that PCI DSS certification is a formality and that the certificate can simply be bought as a piece of paper. This is not true. For an enterprise to comply with the standard, it must implement an integrated approach to securing payment card data.
The PCI DSS requirements apply to merchants, banks, service providers of all kinds, retail stores, call centers, payment gateways and any other enterprises or organizations that process, transmit or store cardholder data.
It is worth noting that PCI DSS compliance is mandatory for all Ukrainian banks.
How to determine whether your company needs to comply with the PCI DSS requirements
If your organization stores, processes or transmits payment card data, or its business processes can affect the security of that data, you can safely assume that you need to comply with PCI DSS.
Many company administrators, directors and top managers mistakenly believe that PCI DSS applies only to banks or large retail chains.
It is very important to understand the following: if your organization stores, processes or transmits information about even a single card transaction or cardholder during the year, then your company must comply with the PCI DSS requirements.
It is also important to remember that the international payment systems impose penalties on every organization that is required to undergo annual PCI DSS compliance certification but, for whatever reason, does not.