PCI-DSS
Definition
PCI-DSS (Payment Card Industry Data Security Standard) is a set of security requirements for organizations that handle cardholder data. Compliance levels range from SAQ-A (the simplest, for merchants using hosted payment pages) to Level 1 (the most stringent, for large processors). Non-compliance results in fines and potential loss of card acceptance. Most merchants should minimize their PCI scope by using tokenization and hosted payment forms.
Related Terms
Tokenization
Replacing sensitive card data with a non-sensitive token that can be stored safely. Tokens are useless if stolen - they can only be used by the merchant they were created for. Tokenization enables card-on-file functionality without storing actual card numbers and reduces PCI scope significantly. Network tokens (issued by the card networks, e.g. Visa/Mastercard) offer additional benefits, including automatic card updates when a card is reissued.
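The merchant-scoping and card-on-file behaviour described above, as an added illustration that is not part of this glossary and not any real PSP's API: a constructed in-memory token vault that hands the merchant a random token plus the last four digits, resolves the token only for the merchant it was issued to, and rejects a token replayed by another merchant.

```python
import secrets

def luhn_valid(pan: str) -> bool:
    """Luhn check: catches mistyped PANs before they are sent to the vault."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right, fold >9 back to one digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Constructed in-memory stand-in for a PSP's token vault (the PCI-scoped side)."""

    def __init__(self) -> None:
        # Keyed by (merchant_id, token): a token resolves only for the merchant it was issued to.
        self._store: dict[tuple[str, str], str] = {}

    def tokenize(self, merchant_id: str, pan: str) -> tuple[str, str]:
        """Store the PAN, hand back (token, last4); the merchant keeps only these."""
        pan = pan.replace(" ", "")
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("invalid PAN")
        token = "tok_" + secrets.token_urlsafe(18)  # random; not derived from the PAN
        self._store[(merchant_id, token)] = pan
        return token, pan[-4:]

    def detokenize(self, merchant_id: str, token: str) -> str:
        """Called inside the PSP at authorization time, never by merchant code."""
        try:
            return self._store[(merchant_id, token)]
        except KeyError:
            raise PermissionError("token not issued to this merchant") from None

def card_on_file_demo() -> dict:
    """Tokenize once, charge later by token, and show a stolen token is useless elsewhere."""
    vault = TokenVault()
    pan = "4111111111111111"  # well-known test PAN, not a real card
    token, last4 = vault.tokenize("merchant_A", pan)
    out = {"last4": last4, "pan_in_token": pan in token,
           "same_merchant": vault.detokenize("merchant_A", token) == pan}
    try:
        vault.detokenize("merchant_B", token)  # another merchant replaying the token
        out["other_merchant_blocked"] = False
    except PermissionError:
        out["other_merchant_blocked"] = True
    return out
```

The merchant side never sees the PAN again after the initial tokenize call, which is what takes its storage and application code out of PCI scope.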
Payment Gateway
The technology that securely transmits transaction data between a merchant's website or application and the payment processor. The gateway encrypts sensitive card data, routes transactions for authorization, and returns the responses. It can be provided by the merchant's PSP (integrated) or operated as a separate service (standalone). Examples include Authorize.net, Braintree, and NMI.