PCI Introduction for Online Merchants

PCI is a security standard established by various card associations, including Visa and MasterCard. The full standard is known as PCI DSS, the Payment Card Industry Data Security Standard.

The goal of the standard is to ensure the protection of card-holder data. In an online merchant (or ecommerce / card-not-present) environment, card-holder data typically refers to the PAN (Primary Account Number) displayed on the card, the card-holder's name, the card expiry date and the CVV or security code on the back of the card.

The PCI standard requires that any company involved in any way with the processing, storage or transmission of card-holder data must be PCI compliant. This means it needs to have certain practices or processes in place within its organisation in order to protect card data. In South African online or card-not-present environments, the cards that are in scope are usually credit or cheque cards.

In the event of a data breach, where the security of card-holder data is suspected to have been compromised by either internal employees or external attackers, the organisation(s) that suffered the breach could face significant fines if it is found that PCI standards were not in place in the company at the time of the breach.

In addition, it is possible that the industry or the relevant bank may temporarily stop those organisations from processing any payment transactions, which could result in the merchant being unable to sell its product or service online.
