PCI-DSS 3.2 Quick Reference Guide
Q: What is PCI?
A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards with a focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB.). It is important to note that the payment brands and acquirers are responsible for enforcing compliance, not the PCI council. A copy of the PCI DSS is available here.
Q: To whom does the PCI DSS apply?
A: The PCI DSS applies to ANY organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data.
Q: Am I compliant if I swipe credit cards directly in my POS terminal?
A: It depends on the POS software you use and how it is recognized by the PA-DSS.
PA-DSS refers to Payment Application Data Security Standard maintained by the PCI Security Standards Council (SSC) to address the critical issue of payment application security. The requirements within the PA-DSS are designed to ensure that vendors provide products which support merchants’ efforts to maintain PCI DSS compliance and eliminate the storage of sensitive cardholder data.
The PCI SSC administers the program to validate payment applications’ compliance against the PA-DSS, and publishes and maintains a list of PA-DSS validated applications. See PCI Security Standards for more information. Also see our blog post on the critical difference between the PCI DSS and PA-DSS here.
As announced in December 2022, Ordyx's recent partnership with VersiTech means new advancements in technology, features, and security.
The latest updates in the PCI-Council's security standards for PCI-DSS 3.2+ means merchants and software companies are required to take on more responsibilities and costs to keep their cardholder data network compliant. This is where the power of VersiTech comes in. To protect Ordyx merchants from unnecessary costs and point-of-sale updates, VersiTech has partnered with BOLD Integrated Payments to deliver an unparalleled payments option that will continue to deliver integrated payments as it does today with the security needed to meet PCI-DSS standards.
Ordyx has always prided ourselves on remaining processor agnostic, something that is very uncommon in the POS industry today. We are dedicated to providing our merchants with options to keep their business running, including the option to choose who they use for payment processing. However, with the recent changes to PCI-DSS standards, some Ordyx setups that are currently running today will not be considered compliant and will need to be addressed. It is important to note that every Ordyx POS setup is unique. That is why VersiTech has built a dedicated team to consult our merchants with the best path and payment solutions to fit your business needs.
Please note that we will need to determine if your system is compliant to determine if action is needed to avoid your payment processing being shut down on 6/30/2023.
To avoid payments disruption and begin the process to asses your system, please contact our team by filling out the form below or by phone at (561) 807-1503 no later than 6/20/2023 so we can document your setup and cover your options to remain compliant.
Schedule Your Consultation Below: