All businesses that store, process or transmit payment cardholder data must be PCI Compliant. If you accept credit or debit cards as a form of payment, then PCI compliance applies to you.

What is PCI compliance and how does your business comply? The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.

The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards, with a focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC, an independent body created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB). It is important to note that the payment brands and acquirers are responsible for enforcing compliance, not the PCI council.

The PCI Data Security Standard applies to ANY organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data.

So what if your business doesn’t store your customers’ credit card information? You must still be compliant because you process and transmit cardholder data. The storage of card data is risky, so if you don’t store card data, then becoming secure and compliant may be easier.

You might ask whether your website’s security certificate satisfies the PCI compliance requirement. It does not. An SSL/TLS certificate encrypts cardholder data while it travels between the customer’s browser and your server, which addresses only one of the PCI DSS requirements (protecting cardholder data in transit over open, public networks). It does nothing to secure the web server itself from malicious attacks or intrusions. High assurance SSL certificates provide a first tier of customer security and reassurance, but there are many other steps required to achieve PCI compliance.

Commonwealth Consulting Group can provide additional information about PCI compliance and we can help assure that you meet the data security standard.