The payment card industry data security standard (PCI-DSS) is a set of regulations formed by major payment card brands including VISA, MasterCard, AmEx, and Discover. There are 12 general security requirements, and sub-requirements, that every merchant that obtains payment card information is required to follow.
There are 4 levels of compliance: The level your company must comply with depends on the number of transactions per year that your business processes.
Do I have to comply with PCI-DSS?
Select a payment provider that handles payments securely and complies with level 1 PCI-DSS standards. If you handle the same payment types and transmit/store any data, you should should consider complying with the appropriate level of PCI-DSS standards.
Who Is Exempt?
Organizations that employ less than 10 people, produced less than $5 million in gross annual revenue from New York operations in each of the past three years, or hold less than $10 million in year-end total assets are exempt from certain requirements of the Regulation.
What if I don't meet PCI compliance?
Non-compliance can lead to serious security events that could cost your organization valuable client data, and have serious financial implications (both fines and loss of revenue). To avoid the risk of data breaches that could highly damage your brand. It is within the best interests of your company to comply with these regulations.