

Renee Frappier, director of marketing for PacNet Services

Credit and debit card payments are convenient options for businesses and consumers. Still, there is a perpetual underlying fear of information and identity theft for both parties. Recent payment security breaches, including those at Target, Walmart, Home Depot and JPMorgan Chase, have reduced consumer confidence. Therefore, it is important for e-commerce vendors to make payment security a top priority. The best way to guard your customers’ payment information is to make sure your business or your payment processor is PCI DSS-compliant.

What is PCI DSS?
PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of requirements established by major card providers to make sure businesses keep payment information secure. PCI DSS protects point-of-sale systems, online shopping carts, wireless access routers and more, according to the PCI Security Standards Council.

There are various security requirements depending on how much business your company processes. Overall, the PCI SSC suggested companies should begin by assessing their current payment processing systems, then fix vulnerabilities and discard any unnecessary customer data. Finally, they must take new steps to make sure their future payment methods are secure.

The PCI SSC warns that by not maintaining compliance, companies increase the risk of payment fraud. Should a data breach occur, they’ll have to issue refunds to consumers. Those shoppers will then take their business elsewhere, leading to lower sales. Ultimately, between fines, potential legal fees and terminated positions, a company could go out of business.

The history of PCI
According to SearchSecurity, PCI DSS began in the late 1990s. Credit card fraud was rampant during the time between 1988 and ’99 – MasterCard and Visa reported losing $750 million. This number, unfortunately, was about to increase as online shopping gained hold of the economy and e-commerce merchants became more prevalent. As the Internet was still new to consumers and businesses, security wasn’t yet a widespread concern. Thus, technologically savvy fraudsters had easy access to payment data.

Visa recognized the need for better online safety and approved the Cardholder Information Security Program in October 1999. This made it the first card brand to develop security standards for online payments. By 2000, fraud had cost online merchants $1.5 billion, and other companies saw the need to prioritize security. This proved difficult as there was no single standard among brands. Even Visa’s own domestic guidelines clashed with its international rules.

The initial version of PCI DSS debuted Dec. 15, 2004. It was the first single security standard supported by all five major credit card companies. By June 2005, any business processing 20,000 or more card transactions per year was required to comply with PCI standards. Then, in September 2006, American Express, Discover, JCB International, MasterCard and Visa collaborated to form the Payment Card Industry Security Standards Council. This council acted as an independent organization to manage and improve payment processing security as the industry evolved.

As the years passed, PCI DSS went through several evolutions and updates. The SSC debuted the Payment Application Data Security Standard in early 2008. This standard provided guidelines similar to PCI for mobile applications, ensuring developers did not store payment data like PINs and CVV2 numbers. The SSC continued to release new payment specifications as the Internet evolved, tackling Web applications, wireless security and tokenization. PCI DSS 3.0, its most current form, debuted November 2013.

What are PCI certification levels?
In August 2012, Visa reported a compliance rate of 97 percent among its Level 1 merchants, SearchSecurity said. Level 1 is the highest tier – such vendors process over 6 million Visa and MasterCard transactions each year. These companies are subject to the strictest regulations and must have yearly reviews. Level 2 companies process 1 to 6 million annual card transactions, while those at Level 3 process 20,000 to 1 million. Businesses at the lowest tier, Level 4, receive fewer than 20,000 card payments. Vendors at Levels 2 through 4 must have security scans each quarter and complete a self-assessment questionnaire, according to Online Tech.

Should my business be PCI-compliant?
According to PCI Compliance Guide, any organization dealing with credit or debit card transactions must be PCI compliant. There is no longer a minimum number of transactions required. Businesses that are not compliant may be fined $5,000 to $100,000 per month by banks, card companies or other institutions.

Finding a compliant payment processor is one of the best ways e-commerce merchants can reduce the risk of a data breach, the guide said. This way, no payment data is processed, stored or transmitted through your systems.

Following PCI guidelines goes a long way to securing payment data. Doing so assures customers and vendors that financial information is protected to the highest standard against identity theft and fraudulent purchases. E-commerce vendors looking for third-party payment solutions should make sure their providers adhere to PCI DSS.


‘PacNet Services’ is an international payment processing service that accepts payments in over 80 countries. It can help businesses grow and expand by offering a one-country service, enabling companies to accept payments from multiple countries around the world with no need to open a foreign bank account. PacNet Services helps businesses save money with easy setup, low commissions and no reporting fees.