Overview
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to minimize fraud and related risk by protecting cardholder data that merchants store, process or transmit.
Compliance with the PCI DSS is an annual requirement set by the card brands (Visa®, Mastercard®, American Express® and Discover®) for all merchants that accept their cards. The PCI DSS was designed to help protect business owners, and their customers, from the severe financial loss that often follows a data breach.
In addition to following the PCI DSS, software vendors and others who develop POS systems and applications that store, process or transmit cardholder data also need to follow the PCI Security Standards Council's Software Security Framework (SSF), the standard for payment software that replaced PA-DSS.
The PCI DSS and PCI SSF work together to help protect sensitive cardholder information and the ISVs who embed payments into their software.
PCI Implications
While PCI DSS compliance is mandatory for ISVs, it does not guarantee that they are fully protected: a compliant environment can still be breached. That is why it is a best practice to adopt a layered approach to payment security that includes tokenization, PCI-validated point-to-point encryption (P2PE) and EMV chip acceptance (which counters counterfeit-card fraud at the point of sale but does not by itself protect card data).
Tokenization protects cardholder data at rest by replacing the stored PAN with a token that has no value outside the tokenization system; PCI-validated P2PE protects it in transit by encrypting it at the point of interaction so that only the P2PE solution provider can decrypt it. Together they remove the ISV's application from PCI DSS scope (provided the application never receives clear-text PAN) while reducing the merchant's scope, making compliance faster and easier.
Another way to take an ISV's application out of PCI DSS scope is semi-integrated (cloud) EMV payments. In a semi-integrated design the POS application sends only the transaction amount to the payment terminal and receives back the result (and, typically, a token and the last four digits), so the ISV's software environment never handles cardholder data and falls outside PCI DSS scope.
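The following Python program is an added example, not code from the original page or from any PCI-listed product, illustrating both the tokenization/P2PE paragraph and the semi-integration paragraph above. It models a semi-integrated checkout: the POS application sends only an amount, the (simulated) terminal is the sole component that sees the PAN, the processor-side vault exchanges the PAN for a random token, and a scope check scans the POS-side records for anything that looks like a Luhn-valid PAN. All names (`TokenVault`, `PaymentTerminal`, `pos_checkout`, `scan_for_pan`) and the test card number are hypothetical or constructed, and the terminal does no real P2PE encryption; it simply keeps the PAN to itself, which is the property semi-integration relies on.

```python
import re
import secrets
from typing import Optional

# Crude PAN detector: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(pan: str) -> bool:
    """Luhn check-digit test; used to cut false positives when scanning for PANs."""
    digits = [int(c) for c in pan if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return len(digits) >= 13 and total % 10 == 0


class TokenVault:
    """Hypothetical processor-side vault: the only place a token maps back to a PAN.
    It sits inside PCI DSS scope; the token itself is random and useless elsewhere."""

    def __init__(self) -> None:
        self._pan_by_token: dict = {}

    def tokenize(self, pan: str) -> str:
        token = "tok_" + secrets.token_hex(12)
        self._pan_by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        return self._pan_by_token[token]


class PaymentTerminal:
    """Simulated semi-integrated terminal. A real P2PE device encrypts the PAN at
    capture; this simplification just never lets the PAN cross to the POS side."""

    def __init__(self, vault: TokenVault) -> None:
        self.vault = vault
        self._captured_pan: Optional[str] = None

    def insert_card(self, pan: str) -> None:
        # The cardholder dips the card: the PAN enters the terminal, never the POS app.
        self._captured_pan = pan

    def authorize(self, amount_cents: int) -> dict:
        pan, self._captured_pan = self._captured_pan, None
        if pan is None or not luhn_ok(pan):
            return {"approved": False, "reason": "no valid card presented"}
        return {
            "approved": True,
            "amount_cents": amount_cents,
            "auth_code": secrets.token_hex(3).upper(),
            "token": self.vault.tokenize(pan),
            "last4": pan[-4:],  # truncated PAN is permitted outside scope
        }


def pos_checkout(terminal: PaymentTerminal, amount_cents: int, receipts: list) -> dict:
    """POS application side: sends only the amount, stores only the terminal's response."""
    resp = terminal.authorize(amount_cents)
    receipts.append(resp)
    return resp


def scan_for_pan(records: list) -> list:
    """Scope check: return (field, pan) for every value containing a Luhn-valid PAN."""
    hits = []
    for rec in records:
        for field_name, value in rec.items():
            for m in PAN_RE.finditer(str(value)):
                candidate = re.sub(r"[ -]", "", m.group())
                if luhn_ok(candidate):
                    hits.append((field_name, candidate))
    return hits


if __name__ == "__main__":
    vault = TokenVault()
    terminal = PaymentTerminal(vault)
    receipts = []
    terminal.insert_card("4111111111111111")  # constructed: a well-known test PAN
    print(pos_checkout(terminal, 1999, receipts))
    print("PANs in POS records:", scan_for_pan(receipts))
    # Contrast: a fully integrated POS that logged the card would be in scope.
    print(scan_for_pan([{"log": "sale 19.99 card 4111 1111 1111 1111"}]))
```

Run it as a script to see the approved response (token and last four only) and an empty scan result for the POS records; the final line shows what the same scan reports against a record that a fully integrated application might have written. In practice the scan is the kind of evidence a QSA asks for when an ISV claims its application is out of scope: the claim holds only if nothing on the application side ever stores, logs or transmits a clear-text PAN.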