Last edited: Sep 2021
While sending or receiving card payments, you may have noticed the acronym ‘PCI’ before. What does PCI stand for, and how is it applicable to payment processing? Find out more about the PCI meaning with our guide below.
PCI meaning: what does PCI stand for?
PCI simply stands for payment card industry. This financial industry segment includes all the various organisations responsible for storing, processing, and transmitting cardholder data. This includes both debit cards and credit cards.
PCI is frequently used in conjunction with a secondary acronym, DSS. Together, they stand for Payment Card Industry Data Security Standard, a set of security requirements designed to ensure that cardholder information is handled securely. The PCI DSS sets out how businesses should transmit and store this sensitive data, with a set of requirements for anyone processing payments to follow. The standard also applies to any developers or manufacturers creating new payment processing devices.
What is PCI SSC?
Major players in the payment card industry have banded together to oversee security issues. In 2007, American Express, Visa, MasterCard, Discover, and the Japan Credit Bureau worked together to form the PCI SSC, or PCI Security Standards Council.
The PCI SSC oversees all technologies related to electronic payments. This includes transactions related to:
Part of the PCI SSC’s role is to ensure compliance with the PCI DSS through approved scanning vendors, or ASVs. An ASV runs external vulnerability scans against a business’s internet-facing payment systems to confirm that the minimum standards are met.
Do you need to worry about PCI compliance?
What does all of this mean for the average business? Do you need to personally worry about PCI compliance? The answer is maybe, depending on the type of payment methods you accept and the gateway you use. Generally, any business accepting card payments must follow the PCI card security requirements. It doesn’t matter if you only process one or two card payments a day: you’re still storing and transmitting customer data.
The exception to this rule would apply if your business never actually comes into contact with the credit card data. Some e-commerce stores, for example, redirect customers to a third-party page for payment processing. In these cases, it would be that third party who would be responsible for PCI card compliance.
What are the main PCI requirements?
Whether or not you’re responsible for PCI DSS compliance, it’s helpful for any business to understand the best practices for data security. The full list of requirements is quite lengthy, but it’s broken down into six primary goals to achieve. These include the following:
1. Build and maintain a secure network
This includes installing and maintaining a firewall configuration designed to protect cardholder data. PCI DSS also states that you must not use the default passwords and other security settings issued by the vendor; instead, replace them with your own.
2. Protect cardholder data
This means storing cardholder data securely and encrypting it whenever it is transmitted across open or public networks.
3. Manage vulnerabilities to the system
This third objective means putting a vulnerability management program in place: for example, using anti-virus software to guard against malware and keeping it up to date.
4. Put access control measures in place
Businesses must restrict access to cardholder data to only those who really need to use it. These restrictions should apply both online and in person.
5. Test and monitor your networks
Regularly test your security systems and processes to make sure they are working as intended. Anyone processing payments also needs to track and monitor all access to cardholder data.
6. Create an official information security policy
This policy should be shared with all personnel who might access cardholder data, laying out clear regulations and internal procedures.
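To make requirements 2, 4 and 5 concrete, here is a small Python script added as an example; it is not part of the original article and not GoCardless code. It runs two checks over a handful of constructed log lines: it looks for full card numbers (PANs) written unmasked into logs, which would violate the requirement to protect stored cardholder data, and it flags any account outside an allow-list that touched a cardholder-data record, which is the kind of access tracking requirements 4 and 5 call for. The log format, the `cardholder/` resource prefix and the allow-list of accounts are all assumptions made for the example.

```python
"""Two PCI DSS-style checks over constructed log lines (added example, not GoCardless code).

1. Unmasked PANs in logs  -> requirement 2 (protect cardholder data).
2. Cardholder-data access by accounts outside an allow-list -> requirements 4 and 5.
The log format (space-separated key=value pairs after a timestamp), the
'cardholder/' resource prefix and the allow-list are assumptions for this example.
"""
from __future__ import annotations
import re

# Accounts assumed to be permitted to read cardholder-data records (constructed).
ALLOWED_CDE_ACCOUNTS = {"billing-svc", "pci-admin"}

# 13-19 digits, optionally separated by spaces or dashes, not inside a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
KEY_VALUE = re.compile(r"(\w+)=(\S+)")

# Constructed sample log lines; 4111 1111 1111 1111 is a well-known test card number.
SAMPLE_LOG = [
    "2021-09-01T10:00:01Z user=billing-svc action=read resource=cardholder/rec-1001",
    "2021-09-01T10:00:05Z user=alice action=read resource=cardholder/rec-1002",
    "2021-09-01T10:00:09Z user=alice action=read resource=catalogue/sku-42",
    "2021-09-01T10:01:00Z user=webhook action=charge pan=4111 1111 1111 1111 amount=19.99",
    "2021-09-01T10:01:03Z user=webhook action=charge order=1234567890123456 amount=5.00",
]


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by card numbers; filters out order ids and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep at most the first six and last four digits, as PCI DSS allows for display."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_unmasked_pans(line: str) -> list[str]:
    """Return every Luhn-valid 13-19 digit sequence found in a line (unmasked, for masking by the caller)."""
    found = []
    for m in PAN_CANDIDATE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def audit_log(lines: list[str]) -> dict:
    """Run both checks; findings carry only masked PANs so the report itself does not leak card data."""
    unmasked = []
    unauthorised = []
    for line in lines:
        ts = line.split(" ", 1)[0]
        for pan in find_unmasked_pans(line):
            unmasked.append((ts, mask_pan(pan)))
        fields = dict(KEY_VALUE.findall(line))
        resource = fields.get("resource", "")
        if resource.startswith("cardholder/") and fields.get("user") not in ALLOWED_CDE_ACCOUNTS:
            unauthorised.append((ts, fields.get("user"), resource))
    return {"unmasked_pans": unmasked, "unauthorised_access": unauthorised}


if __name__ == "__main__":
    report = audit_log(SAMPLE_LOG)
    for ts, masked in report["unmasked_pans"]:
        print(f"{ts} unmasked PAN in log: {masked}")
    for ts, user, resource in report["unauthorised_access"]:
        print(f"{ts} {user} read {resource} but is not on the allow-list")
```

On the sample lines the script reports one unmasked card number (line 4, shown masked as `411111******1111`) and one cardholder-data read by `alice`, who is not on the allow-list; the 16-digit order id on line 5 fails the Luhn check and is correctly ignored. The Luhn filter cuts down noise but is not a proof of a real card number, so in practice findings of this kind feed a review rather than an automatic block.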
The bottom line is that, with these standards, the payment card industry holds the interests of all cardholders at heart. To live up to them, stakeholders must keep developing products and technology that handle card data more securely.
We can help
GoCardless helps you automate payment collection, cutting down on the amount of admin your team needs to deal with when chasing invoices. Find out how GoCardless can help you with ad hoc payments or recurring payments.