How do I comply with PCI / DSS (Payment Card Industry / Data Security Standards)?

PCI/DSS (Payment Card Industry/Data Security Standards) is established by the payment card schemes and is managed by the PCI Security Standards Council. The standard was created to strengthen the protection of cardholder information and to reduce the fraudulent use of payment instruments. It concerns the protection of data such as the cardholder’s name, the card number, the card’s expiry date, the PIN code, etc.

Compliance with the PCI/DSS security rules is a necessity for all players that deal with card payments. All entities that accept card payments, or that process, store or transmit cardholder data, are therefore in scope.

Are you a client of Axepta BNP Paribas Benelux for the acceptance of electronic payment transactions?

The payment terminals that Axepta BNP Paribas proposes to its clients are PCI-approved devices. Our acquiring solutions are also PCI/DSS compliant. Opting for a payment solution of Axepta BNP Paribas is therefore already a good first step towards compliance with the PCI/DSS security rules.

What do merchants need to do to ensure they are compliant with the PCI/DSS rules?

In addition to using PCI/DSS-approved terminals and acquiring solutions, merchants are also required to assess their own compliance with the PCI/DSS rules, regardless of whether their payment transactions take place in the physical world or online.

The PCI/DSS assessment depends on the merchant’s level of activity:

  • Merchants processing more than 6 million transactions per year require a specific audit procedure.
  • Merchants processing fewer than 6 million transactions per year are required to complete a PCI/DSS Self-Assessment Questionnaire (SAQ) annually. The PCI Security Standards Council provides guidance to determine which SAQ applies to your business. The self-assessment questionnaires can be found on the website of the PCI Security Standards Council.