If you take card payments, you have to comply with the Payment Card Industry (PCI) Data Security Standard (DSS). This is a mandatory security requirement for all businesses that take card payments, whether that is in person, over the phone or online.
Does PCI DSS apply to me?
PCI DSS applies to anyone involved in storing, processing or transmitting any cardholder data. What’s more, the standard doesn’t just apply to storing data electronically; it also covers manual processing and storage. You will belong to one of four merchant levels:
Level One – Any merchant processing over six million Visa or MasterCard transactions per year, any merchant that has suffered an attack that resulted in an account data compromise, or any merchant that has been identified as Level 1 Independent Qualified Security Assessor or Internal Audit signed by Company Officer.
Level Two – Any merchant processing one to six million Visa or MasterCard transactions per year.
Level Three – Any merchant processing 20,000 to one million Visa or MasterCard e-commerce transactions per year.
Level Four – Any merchant processing fewer than 20,000 Visa or MasterCard transactions per year, or any other merchant processing up to one million Visa or MasterCard transactions a year.