Reading time: 4 minutes

Many online business owners will be familiar with the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is relevant if you collect and store credit card information through your website. You may store credit card information for a variety of reasons, including to charge late fees or cancellation fees. In this article, we look at what the PCI DSS is and what you can do to ensure your business is compliant.

What is the PCI DSS?

The PCI DSS came about in 2004 after major credit card providers (like Visa and Mastercard) grew concerned about the sophisticated methods people used to hack payment details. The PCI DSS is a central standard, which governs the safe storage of credit card details, and acts as a means to limit fraud. 

The standard is not contained in the law in Australia, nor in other countries. However, credit card providers, like Visa and Mastercard, enforce compliance through their contracts. 

For example, Visa might have a contract with Westpac. If Westpac wants to use Visa’s payment system for its credit cards, it will need to agree to Visa’s terms, which stipulates how Westpac needs to:

  • protect cardholder data; and
  • monitor networks for breaches of cardholder information. 

How to Comply With the PCI DSS

It is crucial to understand how to comply with the PCI DSS if you collect or store credit card information.

There are twelve standards, spread across the following six categories:

  1. building and maintaining a secure network;
  2. protecting cardholder data;
  3. maintaining a vulnerability management program;
  4. implementing strong access control measures;
  5. regularly monitoring and testing networks; and
  6. maintaining an information security policy.

Card providers enforce compliance through their contracts with banks.

For example, if Commbank (or one of Commbank’s business customers) did not protect cardholder data, the card provider may impose a fine on Commbank. Commbank may either absorb this fine or pass it on to their customer. This customer may be a small business that stores credit card information. 

To check for compliance, businesses and banks can: 

The method of checking compliance will depend on the volume of credit card transactions within your business. For a high volume of card transactions, regular audits and scans are appropriate. For a small volume of card transactions, the self-assessment questionnaire will be appropriate.

Penalties For Non-Compliance

If you breach the standard, the credit card provider may impose a penalty on you or the bank. This penalty may be financial, or it might be the termination of the contract.  

An example of breaching the standard might be not maintaining a secure network on which you store credit card information

If you want to avoid having to comply with PCI DSS, you can outsource your payment collection to a payment gateway, like PayPal, which is already compliant. This option is likely going to be appropriate if you have a small business and do not want to bear the burden of ensuring you are compliant with the PCI DSS. 

Payment gateways exist to facilitate payment collection, so they have the required procedures and insurances. Further, users will generally recognise and trust payment gateways like PayPal and Stripe, which may make them feel more confident about entering their card details to make purchases.

Key Takeaways

The PCI DSS is a standard by the major credit card providers to protect themselves from credit card fraud and scams. Credit card providers build the PCI DSS into their contracts with banks and other organisations to promote compliance. The scheme mainly applies to banks and large financial institutions, but the obligations may flow down to merchants who collect and store credit card information. If you require any assistance with complying with the PCI DSS, contact LegalVision’s e-commerce lawyers on 1300 544 755 or fill out the form on this page.

Webinars

Corporate Governance 101: Responsibilities for New Directors

Wednesday 27 April | 11:00 - 11:45am

Online
If you are a new company director, join our free webinar to understand your legal compliance obligations. Register today.
Register Now

Rogue Directors and Business Divorces: How to Remove a Director

Thursday 28 April | 11:00 - 11:45am

Online
Removing a board director is not simple. Join our free webinar to learn how to handle rogue directors. Register today.
Register Now

Employment Essentials for Tech Businesses

Thursday 5 May | 11:00 - 11:45am

Online
Protect your tech business and your employees by understanding your employment legal obligations. Register for our free webinar today.
Register Now

How to Protect and Enforce Your Trade Mark

Wednesday 11 May | 11:00 - 11:45am

Online
Protect your business’ brand from copycats and competitors. Register for this free webinar to learn how.
Register Now

How Franchisors Can Avoid Misleading and Deceptive Conduct

Wednesday 18 May | 11:00 - 11:45am

Online
Ensure your franchise is not accused of misleading and deceptive conduct. Register for our free webinar today.
Register Now

New Kid on the Blockchain: Understanding the Proposed Laws for Crypto, NFT and Blockchain Projects

Wednesday 25 May | 10:00 - 10:45am

Online
If you operate in the crypto space, ensure you understand the Federal Government’s proposed licensing and regulation changes. Register today for our free webinar.
Register Now

How to Expand Your Business Into a Franchise

Thursday 26 May | 11:00 - 11:45am

Online
Drive rapid growth in your business by turning it into a franchise. To learn how, join our free webinar. Register today.
Register Now

Startup Financing: Venture Debt 101

Thursday 23 June | 11:00 - 11:45am

Online
Learn how venture debt can help take your startup to the next level. Register for our free webinar today.
Register Now

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.

By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.

Learn more about our membership

Need Legal Help? Submit an Enquiry

If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.

Our Awards

  • 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Winner – Australasian Lawyer
  • 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review
  • 2021 Law Firm of the Year - Australasian Law Awards
  • 2019 Most Innovative Firm - Australasian Lawyer