PCI DSS compliance

Learn what you need to do to comply with PCI DSS v4.0.1.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of global security requirements created by the Payment Card Industry Security Standards Council (PCI SSC) to ensure that every company that collects, processes, stores, or transmits cardholder data maintains a secure cardholder data environment. PCI DSS applies to all entities that accept payment cards or are involved in payment processing, such as payment processors, acquirers, issuers, and service providers.

Our PCI DSS compliance guide provides information about the PCI DSS requirements you must comply with and what documentation you should provide to demonstrate compliance.

Specifically for ecommerce, PCI DSS includes requirements on the following topics, which are also described in our PCI DSS compliance guide:

  • Vulnerability scanning: if you are eligible to demonstrate your PCI DSS compliance through a Self-Assessment Questionnaire A (SAQ A), PCI DSS requires a quarterly vulnerability scan of part of your online payment system in addition to the SAQ A.

  • Script security: if you are not eligible for a Self-Assessment Questionnaire A (SAQ A) and certain conditions apply, PCI DSS requires that you implement measures to protect against risks associated with scripts and iframe elements loaded into your online payment pages.

It is your responsibility to ensure you comply with all PCI DSS requirements that apply to your situation.

Next steps