PCI DSS Compliance Explained

PCI DSS is the security standard that every business storing, processing or transmitting payment card data must follow. It sounds intimidating, but for most of our clients the practical burden is small because of how we design checkout: card numbers never pass through their systems.

This article explains what the standard is, who it applies to, and how the right architecture keeps your obligations light.

What PCI DSS Is

PCI DSS stands for the Payment Card Industry Data Security Standard. It is a set of requirements maintained by the PCI Security Standards Council, which was founded by the major card brands, to protect cardholder data wherever it is stored, processed or transmitted. The more of your systems that touch card data, the more of those requirements you have to meet and evidence.

How We Reduce Your Scope

The single biggest factor in your obligations is whether card numbers (primary account numbers, or PANs) ever touch your servers, your own page scripts or your logs. By using provider-hosted fields (iframes) or a full redirect to the provider's payment page, the card data travels straight from the customer's browser to the provider and never passes through your systems.

  • Card details are entered into provider-hosted fields or on the provider's own page.
  • Your servers only ever receive a token that stands in for the card, never the card number itself, and that token is all they need to charge or refund.
  • The checkout page that embeds the fields still needs protecting: serve it over HTTPS and keep unauthorised scripts off it, because a tampered page could skim card details before they reach the provider.
  • This usually qualifies you for SAQ A, the shortest self-assessment questionnaire, provided your own JavaScript never handles the card number. If your page collects the card data itself and posts it directly to the provider, the longer SAQ A-EP applies instead.
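"Your servers only ever see a token" should be an enforced invariant, not a hope. The guard below is an added example (not Progressive Robot's code) of what a token-only checkout backend can do about it: it rejects any request whose body contains a Luhn-valid card number, accepts only a provider token, and masks card-number-like values before anything is written to a log. The token shape (a `tok_` prefix) is an assumption standing in for whatever your provider issues; the sample payloads are constructed for illustration.

```python
"""Server-side guard that keeps raw card numbers (PANs) out of a token-only
checkout backend.  Added example; the "tok_" token format is an assumption,
not any particular provider's real format."""
from __future__ import annotations

import re
from typing import Any, Iterator

TOKEN_RE = re.compile(r"^tok_[A-Za-z0-9]{8,}$")  # assumed provider token shape
# A run of 13-19 digits, optionally separated by spaces or dashes, not
# bordered by further digits (so a 20-digit reference number is not split up).
DIGIT_RUN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn check digit test: every real PAN passes it, most random digit runs fail."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return the Luhn-valid 13-19 digit runs in text, i.e. likely card numbers."""
    found = []
    for m in DIGIT_RUN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def _leaves(value: Any) -> Iterator[str]:
    """Yield every scalar in a JSON-like structure as a string."""
    if isinstance(value, dict):
        for v in value.values():
            yield from _leaves(v)
    elif isinstance(value, (list, tuple)):
        for v in value:
            yield from _leaves(v)
    elif isinstance(value, str):
        yield value
    elif isinstance(value, (int, float)) and not isinstance(value, bool):
        yield str(value)


def validate_checkout_payload(payload: dict) -> tuple[bool, str]:
    """Accept a provider token plus order data; refuse anything that carries a PAN.

    Returns (ok, reason).  A rejected request must not be logged verbatim either,
    which is what redact_pans() is for.
    """
    token = payload.get("payment_token")
    if not isinstance(token, str) or not TOKEN_RE.match(token):
        return False, "missing or malformed payment_token"
    for leaf in _leaves(payload):
        if find_pans(leaf):
            return False, "payload contains a card-number-like value; refusing to process"
    return True, "ok"


def redact_pans(line: str) -> str:
    """Mask all but the last four digits of every PAN-like value in a log line."""
    def mask(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return m.group(0)       # not a card number: leave it alone
    return DIGIT_RUN_RE.sub(mask, line)


if __name__ == "__main__":
    # Constructed sample requests: a normal token-only checkout and a misbehaving
    # client that sent a raw (test) card number alongside the token.
    good = {"payment_token": "tok_abc12345XY", "order_id": "A-1001", "amount": 1999}
    bad = {"payment_token": "tok_abc12345XY", "card": "4242 4242 4242 4242"}
    print(validate_checkout_payload(good))
    print(validate_checkout_payload(bad))
    print(redact_pans("checkout POST card=4111 1111 1111 1111 amount=19.99"))
```

Wire `validate_checkout_payload` in as the first thing your checkout endpoint does and route every log line through `redact_pans`; then a client-side bug or a malicious browser extension that posts card data to your server gets refused rather than quietly stored, and the rejection itself does not put a PAN into your logs.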

Your Ongoing Responsibilities

Even with reduced scope you still keep software patched, use strong access controls (unique accounts, strong passwords and multi-factor authentication for anything that administers the site), make sure card numbers never end up in your logs, databases or support tickets, use a payment provider that is itself validated as PCI DSS compliant, and complete the self-assessment questionnaire and attestation of compliance every year. We help document the parts that relate to your website.

Frequently Asked Questions

Is PCI DSS a legal requirement?

It is primarily a contractual requirement that the card brands pass down through your acquiring bank or payment provider rather than a law, although a few jurisdictions do reference it in legislation. Non-compliance can mean fines, higher transaction fees, liability for losses after a breach, or losing the ability to take cards at all.

Who completes the self-assessment?

You do, as the merchant: the attestation is signed by your business, not by us. We provide the technical evidence for the website and explain each relevant question.

If you need a hand with any of this, your Progressive Robot delivery team is ready to help. Raise a ticket from the Support area of your client portal or speak to your account manager and we will guide you through the next steps.