PCI DSS is an acronym you should be familiar with if your business collects, processes or stores credit card information. If you're considering storing credit card details in your business (for example, to charge late fees or cancellation fees), you should understand what the PCI DSS is and how it affects your business.

What is the PCI DSS?

PCI DSS stands for Payment Card Industry Data Security Standard. The origins of the PCI DSS lie with the major card schemes Visa, MasterCard, American Express (AMEX), Discover and JCB. These credit card giants were worried about card fraud and the increasing sophistication of the methods used to steal people's payment details. What resulted were separate standards brought out by each card scheme, governing how merchants should handle and store card details to protect them. One bright spark argued for strength in numbers and suggested that each card scheme's standards be amalgamated into one central standard governing the safe handling of card details. The first version of the PCI DSS was released in December 2004.

Application of the PCI DSS

The standard isn't contained in any piece of legislation in Australia (and in most other jurisdictions, although a few US states have referenced it in statute). It forms a self-regulatory framework that financial institutions and payment merchants agree to follow. In practice, PCI DSS obligations are imposed through merchant contracts. What does this mean? We'll use an example to illustrate.

Say you run a shoe store on Pitt Street. To take payment via card, you need a Point of Sale (POS) terminal. Commonwealth Bank gives you the best rates on renting POS equipment, so you go with Commonwealth Bank, signing their merchant contract (this outlines the terms on which Commonwealth will supply you with the equipment and process your card transactions). Commonwealth Bank is called the 'acquiring' bank because it acquires your card transactions: it accepts them from your terminal, passes them through the card scheme to the cardholder's bank and settles the funds into your account. The merchant contract is where the PCI DSS obligations live.

If card details are stolen from your POS, say using a card skimmer, the card schemes can fine your acquiring bank (Commonwealth Bank) if you were not PCI DSS compliant at the time of the theft. Whether the bank absorbs those fines or passes them on to you depends on your merchant contract, and most merchant contracts reserve the right to pass them on, together with related costs such as a forensic investigation and the reissue of compromised cards.

The PCI DSS groups its twelve requirements under the following six control objectives:

  • Build and maintain a secure network;
  • Protect cardholder data;
  • Maintain a vulnerability management program;
  • Implement strong access control measures;
  • Regularly monitor and test networks; and
  • Maintain an information security policy.

Key Takeaways

The PCI DSS is a standard designed by the major card schemes in the early 2000s to protect cardholder data and reduce card fraud. The PCI DSS is not built into law in Australia; instead, it is a set of rules designed for self-regulation and enforced through contracts.

The PCI DSS applies to any organisation that stores, processes or transmits cardholder data. For a merchant, the obligation usually arrives through the merchant contract with the acquiring bank, which will require you to comply with the PCI DSS as a condition of accepting cards. If you require any assistance with complying with the PCI DSS, get in touch with LegalVision's contract lawyers.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
Chloe Sevil
