What is PCI DSS compliance and why is it important?

PCI DSS began as an initiative of the major card brands to fight payment card fraud and protect consumers as online payments grew.

PCI DSS compliance in online payment processing

The Payment Card Industry Data Security Standard, also known as PCI DSS, is a global standard for securely accepting, processing, storing and transmitting payment card data. First published in 2004 and maintained since 2006 by the PCI Security Standards Council, which the major card brands founded, PCI DSS comprises 12 core requirements broken down into more than 400 sub-requirements and test procedures.


Being PCI compliant is not a one-off exercise: beyond meeting these requirements at assessment time, a merchant must continually identify, document and, where necessary, remediate the business systems and processes that handle cardholder data.



Who is subject to PCI DSS?

PCI DSS applies to every organization that stores, processes or transmits cardholder data or sensitive authentication data (such as the card verification code), online merchants included. It also reaches service providers whose systems could affect the security of that data.


Although most businesses subject to PCI DSS validate compliance through a Self-Assessment Questionnaire rather than an on-site assessment, the costs of PCI failures can be crippling. When merchants sign a contract with an acquirer or payment processor, they agree to pay fines if they do not comply with PCI DSS. Depending on the processor, fines can range from $5,000 to over $100,000 USD per month based on the size of the merchant and the extent of non-compliance. An actual breach of customer card data can, of course, be even more devastating.



Understanding your PCI scope

A key concept in PCI DSS is a merchant's "PCI scope": the set of systems, people and processes that store, process or transmit cardholder data or connect to systems that do. The wider the scope, the more of the standard the merchant must implement and validate itself.


As a payment processor certified at PCI DSS Level 1, the highest service-provider level, PayU offers merchants a variety of ways to reduce PCI scope, limit responsibility and risk, and remain compliant.

Reducing PCI scope

See how tokenization can help you reduce your PCI scope and stay compliant.

How PayU can help you remain PCI compliant


PayU offers several ways to help you ensure your PCI compliance. How a merchant collects and tokenizes a customer's card details determines how much of its environment falls into PCI scope. Universal tokens and PayU's PCI-compliant token vault reduce that scope significantly, because the merchant's own systems never need to store or transmit the card number.

Instead, card data is "tokenized": the card number is replaced in the merchant's systems by a token, a unique surrogate value that has no meaning outside the processor's vault, while PayU stores and safeguards the original data. The reduction in scope holds only if the raw card number never passes through the merchant's own servers, so the card details must be captured in a way that sends them directly to the processor rather than through a merchant-hosted form that forwards them on.

With less of your environment in PCI scope, you save on compliance costs while offering your customers a more secure payments experience.
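The following toy flow illustrates the tokenization idea described above. It is an added example, not PayU's code, and says nothing about PayU's actual token format or vault design. It assumes the processor-side vault can be modelled as an in-memory dictionary, that tokens are the string "tok_" followed by 26 random letters (a hypothetical format chosen so a token can never be mistaken for a card number), and uses 4111111111111111, a constructed Luhn-valid test number, as the sample card. The merchant ends up holding only the token and a display-safe masked number; a simple PAN discovery scan, of the kind used to check that a system is really out of scope, finds card numbers in the raw checkout data but none in what the merchant stored.

```python
"""Toy tokenization flow (added example, not PayU's implementation).

Assumptions: the vault is an in-memory dict standing in for the processor's
PCI DSS environment; tokens are 'tok_' + 26 random letters (hypothetical
format); 4111111111111111 is a constructed Luhn-valid test PAN, not a real card.
"""

import re
import secrets
import string


def luhn_valid(pan: str) -> bool:
    """Return True if `pan` is 12-19 digits with a valid Luhn check digit."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Render a PAN as PCI DSS permits for display: first six and last four digits only."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


class TokenVault:
    """Processor side; lives inside the processor's PCI DSS scope.

    Tokens come from a CSPRNG and have no mathematical relation to the PAN, so a
    token leaked from a merchant database cannot be reversed without this vault.
    A hash of the PAN would not do: with the issuer prefix known, the remaining
    digits are a small enough space to brute-force offline.
    """

    _ALPHABET = string.ascii_letters  # letters only: a token can never look like a PAN

    def __init__(self) -> None:
        self._pan_by_token: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("not a valid PAN")
        while True:
            token = "tok_" + "".join(secrets.choice(self._ALPHABET) for _ in range(26))
            if token not in self._pan_by_token:  # collision is astronomically unlikely, but check
                self._pan_by_token[token] = pan
                return token

    def detokenize(self, token: str) -> str:
        """Only the processor calls this, e.g. when forwarding a charge to the card network."""
        return self._pan_by_token[token]


def merchant_store_card(vault: TokenVault, pan: str) -> dict[str, str]:
    """Merchant side: the only card-related data the merchant persists."""
    token = vault.tokenize(pan)
    return {"token": token, "display": mask_pan(pan)}


_PAN_RUN = re.compile(r"\d(?:[ -]?\d){11,18}")


def find_pans(text: str) -> list[str]:
    """Simple PAN discovery scan: digit runs of 12-19 (space/dash separators allowed)
    that pass the Luhn check. Used to verify a system really holds no card numbers."""
    hits = []
    for m in _PAN_RUN.finditer(text):
        candidate = re.sub(r"[ -]", "", m.group())
        if luhn_valid(candidate):
            hits.append(candidate)
    return hits


if __name__ == "__main__":
    SAMPLE_PAN = "4111111111111111"  # constructed test number
    vault = TokenVault()
    record = merchant_store_card(vault, SAMPLE_PAN)
    print("merchant record:", record)
    print("PANs in raw checkout data:", find_pans(f"card={SAMPLE_PAN}"))
    print("PANs in merchant record:", find_pans(str(record)))
    print("processor detokenizes correctly:", vault.detokenize(record["token"]) == SAMPLE_PAN)
```

Two points from the example carry over to real deployments: the token must be generated randomly rather than derived from the card number, and a discovery scan over merchant databases, logs and backups is the practical way to confirm that nothing in scope slipped through.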

Explore more payment security features

Learn more about the security and optimization features of PayU’s global payment solution.
See payment optimization features