PCI-DSS Compliance

The Payment Card Industry Data Security Standard (PCI-DSS) is a set of security standards created to protect cardholder data. It applies to any organization that processes, stores or transmits credit card information. The goal of PCI-DSS is to minimize credit card fraud and increase the security of payment card transactions.

PCI-DSS is a demanding standard with approximately 470 requirements across 12 key areas, all geared towards achieving six core objectives:

- Build and Maintain a Secure Network and Systems: establishing and maintaining a secure IT infrastructure to protect cardholder data.
- Protect Account Data: safeguarding stored cardholder data and ensuring its confidentiality.
- Maintain a Vulnerability Management Program: proactively identifying and addressing security vulnerabilities to prevent exploitation.
- Implement Strong Access Control Measures: restricting access to cardholder data to authorized personnel only, based on their job responsibilities.
- Regularly Monitor and Test Networks: continuously monitoring and regularly testing security controls to ensure their effectiveness.
- Maintain an Information Security Policy: establishing and enforcing comprehensive security policies and procedures across the organization.

Purse’s SaaS solution is certified PCI-DSS Level 1, ensuring the highest level of compliance. Merchants can therefore certify themselves via an SAQ-A form, except for merchants who implement their own payment form or who are required by their acquiring bank to obtain certification via a QSA auditor.