What are the Payment Card Industry Data Security Standards?


As a business owner, it’s important that you understand and apply these standards. This will help your business to process card payments securely.

The Payment Card Industry Data Security Standards (PCI DSS) are a set of security requirements for any business that stores, processes or transmits payment card data. Following them helps you keep your customers’ card information secure.

Meeting these standards helps you protect your business data and your customers’ information from breaches and theft. The standards cover how you:

  • take a payment online
  • take a payment through an electronic payment terminal
  • handle a card number read to you over the phone
  • handle a card number received in a letter or email.

The PCI Security Standards Council

The PCI Security Standards Council is a global forum in which the payment industry comes together to develop, enhance, share and assist with the understanding of security standards for payment account security.

The Council’s founding members are:

  • American Express
  • Discover Financial Services
  • JCB International
  • MasterCard
  • Visa Inc.

Who do the standards apply to?


All Australian businesses that accept card payments need to comply with the PCI DSS, regardless of size. You can’t partially comply. The level of assessment you need will depend on how you take payments and how many transactions you process.

Assess your business compliance

The PCI Security Standards Council website has tools to help you check your PCI DSS compliance.
  • Complete the self-assessment questionnaire (SAQ) that matches the way you take payments to check whether your business complies.
  • If you have a larger business or process a high volume of transactions, you may need an independent assessment by a Qualified Security Assessor (QSA).

Why it’s important to be PCI compliant


Having a strong, up-to-date security plan in place is not only good for your business, but also for your peace of mind.

Following the PCI DSS in your business will:

  • reassure your customers that their card details are secure when they pay you
  • maintain customer trust in your business, which is good for your reputation
  • show your commitment to improving the shopping experience for your customers and protecting their data
  • reduce the risk of attackers getting into your payment system networks and stealing cardholder data.

12 key requirements of the standards


The PCI DSS includes 6 goals with 12 requirements.

Build and maintain a secure network

1. Install and maintain a firewall on your network and PCs to protect cardholder data.

2. Don’t use vendor-supplied defaults. Change default passwords and settings on hardware and software, and choose strong passwords for all your business systems.

Protect cardholder data

3. Protect any cardholder data you store. Keep only what you need, make stored card numbers unreadable (for example by encryption or truncation), and never store the card security code or PIN after a transaction is authorised.

4. Encrypt cardholder data when it is transmitted across open, public networks such as the internet.

Maintain a vulnerability management program

5. Protect all systems against malware and regularly update your anti-virus software.

6. Develop and maintain secure systems and applications, and apply security patches promptly.

Implement strong access control measures

7. Only allow access to cardholder data to the employees who need it to do their job.

8. Assign each employee their own unique login (user name and password) to computer systems, so that every action can be traced to a person.

9. Restrict physical access to cardholder data. Do not leave card numbers on paper, receipts or unprotected computers where they can be read or taken.

Regularly monitor and test networks

10. Track and monitor all access to your network resources and cardholder data.

11. Regularly test security systems and processes.

Maintain an information security policy

12. Maintain a policy that addresses information security for all employees who access your IT and payment systems.
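One place where requirement 3 is broken by accident is application logging: a card number printed in a debug line is stored cardholder data, and a logged security code is sensitive authentication data that must not be stored at all. The script below is an added example, not part of the original page or any PCI SSC tool. It finds candidate card numbers in log text, confirms them with the Luhn check so order numbers and timestamps are left alone, masks them to at most the first 6 and last 4 digits, and strips any security code value outright. The log lines and the field names (cvv, cvc, csc, pin) are constructed for the example.

```python
"""Scan application log lines for leaked cardholder data and redact it.

Added example: an offline check that masks primary account numbers (PANs)
to the first 6 and last 4 digits and removes card security codes. The log
lines and field names below are constructed, not from any real system.
"""
import re

# A run of 13-19 digits, optionally split by single spaces or dashes
# (e.g. "4111 1111 1111 1111"). Anything matching is only a *candidate*
# until it passes the Luhn check.
PAN_CANDIDATE_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Field names under which sensitive authentication data tends to leak.
# Assumed names for the example, matched case-insensitively.
SAD_RE = re.compile(r"\b(cvv2?|cvc2?|csc|pin)(\s*[=:]\s*)\d{3,6}\b", re.IGNORECASE)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum (ISO/IEC 7812-1): true for every real card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 if d < 5 else d * 2 - 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Show at most the first 6 and last 4 digits (PCI DSS requirement 3)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact_line(line: str) -> tuple[str, int]:
    """Return (redacted line, number of PANs masked in it)."""
    masked = 0

    def replace(match: re.Match) -> str:
        nonlocal masked
        digits = re.sub(r"\D", "", match.group(0))
        if luhn_valid(digits):
            masked += 1
            return mask_pan(digits)
        return match.group(0)  # not a card number; leave it untouched

    line = PAN_CANDIDATE_RE.sub(replace, line)
    # Security codes and PINs are removed outright, never merely masked.
    line = SAD_RE.sub(lambda m: m.group(1) + m.group(2) + "[REMOVED]", line)
    return line, masked


def redact_log(lines: list[str]) -> tuple[list[str], int]:
    """Redact a whole log; returns the clean lines and the total PANs masked."""
    out, total = [], 0
    for line in lines:
        clean, n = redact_line(line)
        out.append(clean)
        total += n
    return out, total


# Constructed sample log lines. The card numbers are the well-known
# public test numbers for Visa and American Express, not real accounts.
SAMPLE_LOG = [
    "2024-05-01 10:22:31 INFO order=1234567890123 status=paid",
    "2024-05-01 10:22:32 DEBUG charge card=4111111111111111 cvv=123 amount=49.95",
    "2024-05-01 10:22:40 DEBUG retry pan='4111 1111 1111 1111' result=approved",
    "2024-05-01 10:23:05 WARN amex 378282246310005 declined, CVC: 1234",
]

if __name__ == "__main__":
    clean_lines, count = redact_log(SAMPLE_LOG)
    print("\n".join(clean_lines))
    print(f"{count} card numbers masked")
```

The Luhn check is what keeps the 13-digit order number in the first line intact while the card numbers in the other lines are masked. The regex is deliberately simple: a card number that runs straight into other digits (for example followed by a space and a two-digit count) would be swallowed into one longer candidate and missed, so in production this kind of scanner is a safety net behind the real fix, which is not to log card data in the first place.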