If you take payment online, are you at risk of fraud and liability? PCI DSS explained.


PCI DSS (the Payment Card Industry Data Security Standard) is a set of security requirements published by the PCI Security Standards Council to protect credit and debit card data wherever it is stored, processed or transmitted. The Council was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, Inc., and the card brands enforce the standard through the banks that give merchants their card-processing accounts.

Many people are confused about this, so we have spent some time going through the documents to unravel it for you. In short, if you use a credit card terminal or handle customer card details in any way, you need to research this further and will probably either have to change the way you accept payments or demonstrate PCI DSS compliance.

Yes or No! – Do I need to be PCI DSS Compliant?

My web site stores card details for me to type into my credit card terminal. Do I need to be compliant?

Yes, you do. If you store, process or transmit card details (including just seeing them on screen and keying them in), you are fully in scope of PCI DSS, and storing them on a web site is one of the riskiest ways to handle them.

I use a payment service provider to handle my credit card payments. Do I need my shop to be compliant?

Mostly, no. If a PCI DSS validated payment service provider takes the card details on its own hosted page and your shop never sees them, almost all of the requirements fall on the provider. You are still expected to confirm this, usually by completing the short SAQ A self-assessment questionnaire your bank asks for and by keeping the redirect or payment form that sends shoppers to the provider under your control, but the heavy requirements no longer apply to your shop.

To summarise
If you ever come into contact with a shopper's card details, whether through a terminal or by storing the data on a web site, you DO need to be PCI DSS compliant in full.

If you never come into contact with a shopper's card details and use a third party like PayPal to handle your web site payments, your compliance burden shrinks to confirming that arrangement (typically SAQ A) and keeping it that way.
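The question that decides which side of that line you are on is whether card numbers are actually sitting anywhere in your shop: in the database, in server logs, or in order notes where staff have pasted them. The following is an added example, not code from the original page, showing the kind of check a practitioner would run over a database dump or log export: it looks for 13 to 19 digit runs (with optional spaces or dashes), keeps only those that pass the Luhn check every real card number satisfies, and reports them masked so the scan itself does not copy the full number anywhere. The sample records, the regex and the masking format are constructed for this example; the 4111111111111111 number is the widely published Visa test number, not a real card.

```python
import re

# Constructed sample records for this example (not from any real system):
# a clean log line, a debug line that leaked a card number, an order note
# containing a reference that merely looks like a card number, and a line
# holding a provider token, which is what a properly outsourced shop should store.
SAMPLE_RECORDS = [
    "2024-03-01 10:02:11 INFO order=1001 email=alice@example.com",
    "2024-03-01 10:02:12 DEBUG checkout payload card=4111111111111111 exp=12/26",
    "orders.notes: 'customer called, reference 1234567890123456'",
    "2024-03-01 10:05:40 INFO psp_token=tok_9a8b7c6d5e4f3g2h amount=19.99",
]

# A run of 13-19 digits, each optionally followed by a space or dash,
# that is not part of a longer digit run. Candidate only: Luhn filters it.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return the Luhn-valid card-number-shaped digit runs found in text."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def mask(pan: str) -> str:
    """Keep first six and last four digits (the usual truncation format)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_records(records) -> list:
    """Return (record number, masked PAN) for every card number found."""
    findings = []
    for lineno, rec in enumerate(records, 1):
        for pan in find_pans(rec):
            findings.append((lineno, mask(pan)))
    return findings


if __name__ == "__main__":
    for lineno, masked in scan_records(SAMPLE_RECORDS):
        print(f"record {lineno}: possible card number {masked}")
```

Only the debug line is reported; the order note is skipped because its 16 digits fail the Luhn check, and the provider token is never a candidate. A clean scan is not proof of compliance on its own, but a single hit means your shop is storing cardholder data and the full standard applies.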

We have always suggested that clients use a third party payment service provider such as SagePay, as it takes away most of the headache of PCI DSS compliance.

For more information, visit the PCI Security Standards Council.


call us on 01727 739812