Back in 2015, we compiled a short list of the most common payment terms you’ll come across when you want to accept credit card payments on your website. For most entrepreneurs entering the online payments world, those terms were unfamiliar because they had never come across them before; they only appear when it comes time to add online payments to your e-commerce website. That highlighted another knowledge gap in the process: it can be incredibly complex when considering things such as PCI compliance – which is a fundamental part of being able to process payments on your store.
But what is it, and what does PCI stand for? We’ll answer those questions in this post to help you get a better understanding of PCI.
What does PCI Stand for?
Essentially, PCI is an abbreviation for Payment Card Industry, an independent body composed of the major credit card schemes (Visa, MasterCard, American Express, Discover and JCB). Together they act as the Payment Card Industry Security Standards Council (PCI SSC), which sets the standards for maintaining a secure infrastructure when processing, storing and transmitting credit card data.
That set of requirements is known as the Payment Card Industry Data Security Standard (PCI DSS) and is meant to provide safety measures for every online business against internet fraud.
Why was the PCI SSC founded?
Founded in September 2006, the PCI SSC was formed to combat the rise of online fraud with a unified approach. As people became more comfortable purchasing online and more businesses set up e-commerce websites with the ability to pay online, fraudsters saw an opportunity to steal credit card data by attacking poorly protected websites.
There were initially five different security programs, each set up by a respective credit card scheme to ensure online businesses had a certain level of security protecting them against online fraud. However, online businesses struggled to meet the requirements of five different security programs, mainly because there was no single standard amongst the credit card schemes.
And so, in December 2004, the credit card schemes, which consisted of American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, came together to align their individual security standards and release the first version of PCI DSS.
However, it wasn’t until September 2006, when they released PCI DSS 1.1, that they announced the creation of the PCI SSC.
For a more visual timeline, you might want to have a look at this infographic by SearchSecurity: The history of the PCI DSS standard
How To: PCI Compliance
So how do you become PCI compliant? Any business involved with the processing, transmission, or storage of credit card data must comply with PCI DSS 3.0. But while the standard helps online businesses become even more secure, it also means additional effort for businesses to become compliant. Fortunately, here at PAYMILL we’ve developed a flexible solution to make PCI 3.0 compliance a simpler and easier process.
In order to be (or stay) eligible for the simpler form of self-assessment (SAQ A), all credit card data needs to be out of the scope of your e-commerce website. We therefore offer an iframe-based credit card form that achieves SAQ A eligibility, which we’ve named the PayFrame.
The PayFrame is available for all PAYMILL users and can be easily added to your website. For all the details on how to embed our solution into your e-commerce website, head over to our Developer Centre to check out the PayFrame Guide.
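To make the scope-reduction idea behind an iframe-based card form concrete, here is an added example written for this post. It is not the PayFrame code or the PAYMILL API; the provider origin (cardform.psp.example), the /v1/card-form path, its query parameters and the "card-token" message shape are all constructed for illustration. The pattern it shows is the general one: the card number is typed into a document served from the payment provider's origin, and the merchant page only ever receives an opaque token, after checking that the message really came from the provider's origin and carries no card data.

```javascript
// Added illustration of the SAQ A scope-reduction pattern: the card form is
// served by the payment provider inside an iframe, so card numbers are typed
// into a document from the provider's origin, never into the merchant's page.
// Everything here (origin, path, message shape, parameter names) is constructed
// for the example and is NOT the PAYMILL PayFrame API.

const PROVIDER_ORIGIN = "https://cardform.psp.example"; // assumed provider origin

// Build the iframe URL. Only non-sensitive data (a publishable key, amount,
// currency) goes in; the merchant page never handles the card number itself.
function buildCardFormUrl(publicKey, amountCents, currency, origin = PROVIDER_ORIGIN) {
  const url = new URL("/v1/card-form", origin);
  url.searchParams.set("key", publicKey);
  url.searchParams.set("amount", String(amountCents));
  url.searchParams.set("currency", currency);
  return url.toString();
}

// Validate a postMessage from the iframe before trusting it. The merchant page
// accepts only a token (a reference under which the provider stored the card),
// only from the provider's origin, and never raw card data.
// Returns the token string, or null when the message must be ignored.
function acceptTokenMessage(event, expectedOrigin = PROVIDER_ORIGIN) {
  if (event.origin !== expectedOrigin) return null;        // wrong sender: ignore
  const data = event.data;
  if (!data || typeof data !== "object") return null;
  if (data.type !== "card-token" || typeof data.token !== "string") return null;
  // A token is an opaque handle. If the message carries card data, the
  // integration is wrong and the page would be back in PCI scope, so refuse it.
  for (const key of ["pan", "number", "cvc", "cvv", "expiry"]) {
    if (key in data) return null;
  }
  return data.token;
}

// Browser wiring: embed the provider-hosted form and hand the resulting token
// to the merchant's callback (e.g. to submit with the order to the merchant
// backend). Only meaningful in a browser; the two functions above are pure.
function mountCardForm(container, publicKey, amountCents, currency, onToken) {
  const iframe = document.createElement("iframe");
  iframe.src = buildCardFormUrl(publicKey, amountCents, currency);
  // Restrict what the embedded document may do; allow-same-origin refers to the
  // iframe's own (provider) origin, not the merchant's page.
  iframe.setAttribute("sandbox", "allow-scripts allow-forms allow-same-origin");
  container.appendChild(iframe);
  window.addEventListener("message", (event) => {
    const token = acceptTokenMessage(event);
    if (token !== null) onToken(token);
  });
  return iframe;
}
```

The origin check in acceptTokenMessage is the part practitioners most often skip: without it, any other frame or tab that can post a message to the merchant page could inject a fake token, and without the card-data check a mis-integrated form that echoes the number back would silently put the merchant page into scope again.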