PCI DSS (Payment Card Industry Data Security Standard)
The security standard for payment systems, set out by the Payment Card Industry Security Standards Council. There are several levels of PCI DSS compliance, which are assigned to merchants based on the number of transactions they process per year:
- PCI DSS Level 1 Compliance: 6 million Visa transactions per year
- PCI DSS Level 2 Compliance: 1-6 million Visa transactions per year
- PCI DSS Level 3 Compliance: 20,000 to 1 million Visa e-commerce transactions per year
- PCI DSS Level 4 Compliance: fewer than 20,000 e-commerce transactions per year or up to 1 million Visa transactions per year
Payment systems which fail to comply with the standard can be vulnerable to data theft, which can have disastrous consequences. One little-known fact is that, according to the PCI DSS, a system which permits a live call handling agent to receive payment details cannot be considered compliant. It is essential that all payment data be kept out of the hands of third parties when a transaction is taking place, to avoid the possibility of fraud.