Payment card industry (PCI) compliance is a set of policies and procedures used to protect credit and debit card transactions and prevent cardholders’ personal information from being stolen. It is developed and managed by the Payment Card Industry Security Standards Council (PCI SSC). Payment card industry compliance applies to any size company that accepts credit card payments.
If a company accepts credit card payments, it must securely host data with a PCI compliant hosting provider.
If you’re not PCI compliant, then you’re putting your customers and your business at risk. Without the protection that PCI compliance brings, your business could be vulnerable to costly attacks and data breaches. If a data breach occurs and you’re not PCI compliant, your business will have to pay penalties and fines ranging between $5,000 and $500,000.
But fines are just the beginning. If you’re not PCI compliant, you run the risk of losing your merchant account, which means you won’t be able to accept credit card payments at all. On top of that, a data breach could cost you thousands of dollars in damages, lose the respect and trust of your customers, and decimate your reputation.
There are 6 goals and 12 requirements for payment card industry compliance:
Learn more about changes in payment card industry compliance that will affect your application security program.
Learn more about web application security and PCI DSS 3.0.