 

What is PCI DSS compliance?


PCI DSS (Payment Card Industry Data Security Standard) has been developed to protect card data and to prevent data loss. Card data that falls into the wrong hands can be used for fraudulent purposes: it can be copied, used to order online, etc.

PCI DSS is an alliance between American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc. They have established the PCI Security Standards Council which develops standards for the secure storage of card and transaction data. Companies that follow these are PCI DSS compliant.
 
Why is it important to be PCI DSS compliant?

When card data and other information are not secured, they can be lost. This is called an Account Data Compromise (ADC). You will always be held (financially) responsible and the costs can be considerable.
 
What to do?

 

You need to secure card data at all times, e.g. by:

  • storing tickets with card data under lock and key;
  • physically protecting your payment terminal from theft, tampering or replacement with a fake;
  • when using a mobile payment terminal: protecting it against 'eavesdropping'. Your terminal vendor can provide you with more information.


And, last but not least, you will be asked annually to fill out a questionnaire (the Self-Assessment Questionnaire, SAQ) to prove that you are fully compliant.


 