PCI Compliance

REVIEWED BY JULIA KAGAN  Updated Apr 20, 2019

What is PCI Compliance?

Payment card industry (PCI) compliance refers to the technical and operational standards that businesses must follow to protect the credit card data provided by cardholders. The standards are maintained by the PCI Security Standards Council and enforced contractually by the card brands and acquiring banks, and every business that stores, processes or transmits cardholder data electronically is required to comply with them.

Payment card industry (PCI) compliance standards require merchants and other businesses to handle credit card information in a secure manner that reduces the likelihood of cardholders having sensitive financial data stolen. If merchants do not handle credit card information properly, it can be stolen and used to make fraudulent purchases, and other personal details about the cardholder can be used for identity fraud.

Being PCI compliant means consistently adhering to a set of requirements issued by the PCI Security Standards Council, which was founded by the major card brands. The requirements outline a series of steps that merchants and service providers must follow on an ongoing basis. Companies first assess their information technology infrastructure, business processes and card handling procedures to identify threats that could compromise cardholder data. They then address any gaps in security and minimize the cardholder data they retain: the full primary account number is stored only when there is a business need for it, and is rendered unreadable wherever it is stored, while sensitive authentication data such as the card verification code, the PIN and the full magnetic-stripe contents must never be stored after a transaction is authorized. Companies must also report their compliance status, through a self-assessment questionnaire or an on-site assessment depending on their level, to their acquiring bank or to the card brands they work with, such as American Express and VISA.

All companies that process credit card information are required to maintain PCI compliance, regardless of their size or the number of credit card transactions they process. Merchants are assigned to one of several levels, defined by each card brand, based on the number of transactions they process in a year; the level determines how compliance must be validated, not whether the standard applies. PCI compliance is governed by the Payment Card Industry Security Standards Council, an organization formed in 2006 by the major card brands to manage the security standards for payment card data. The requirements, known as the Payment Card Industry Data Security Standard (PCI DSS), are maintained by the Council, whose founding members are VISA, MasterCard, American Express, Discover and JCB.