What is PCI? Understanding the Importance of PCI Compliance


PCI DSS stands for the Payment Card Industry Data Security Standard. If your company processes, stores, or transmits credit card information, PCI DSS compliance is critical for you.

The PCI DSS ensures that cardholder information is used, stored, and transmitted safely. Following its rules is an industry best practice, and it demonstrates to your customers that your company can be trusted with their data.

But if you’re not PCI compliant, you could also face steep fines that could cripple your business.

What is PCI compliance? 

The PCI compliance process starts with the guidelines: you must know what your company is expected to do, and you must build your processes accordingly. Then documentation begins: you must prove that you're doing all you can to keep cardholder data secure.

PCI compliance begins with the PCI itself. The Payment Card Industry Council was founded in 2006 by representatives from:

  • American Express
  • Discover
  • JCB International
  • MasterCard
  • Visa

Each company shares council responsibilities equally, and they all require PCI DSS compliance from their business partners.

PCI created the Data Security Standard (DSS), along with supporting materials such as:

  • Specification frameworks
  • Toolkits
  • Measurement guides
  • Supporting materials

Any company that accepts, stores, or transmits cardholder data must be PCI DSS compliant. Even very small companies, and those that work with third-party payment processors, must be compliant. 

If you're not compliant, you could face a fine of up to $500,000 per security breach incident. Additionally, you must notify every person who might have been exposed in an attack, and those notifications can be costly.

Consumers may also choose to sue you independently. And you could face government fines too.

Are you PCI compliant?

Don't make assumptions abou