What is PCI DSS compliance and why is it important?

Created by the major card brands, PCI DSS was born to help fight payment card fraud and protect consumers in the growing sphere of online payments.

PCI DSS compliance in online payment processing

The Payment Card Industry Data Security Standard, better known as PCI DSS, is a global security standard for accepting, processing, storing and transmitting payment card data. Maintained since 2006 by the PCI Security Standards Council, an alliance founded by the major card brands, PCI DSS comprises 12 key requirements, broken down into several hundred sub-requirements and test procedures.

Being PCI compliant requires not just meeting these requirements at a point in time, but continually identifying, documenting, and (where necessary) remediating the business systems and processes that involve the handling of cardholder data.



Who is subject to PCI DSS?

PCI DSS requirements must be fulfilled by any party that stores, processes, or transmits cardholder data. This applies to all organizations that handle payment card data, including online merchants, regardless of size.

Although most businesses subject to PCI DSS are only required to self-assess (by completing a Self-Assessment Questionnaire) rather than undergo an external audit, the cost of a PCI failure can be crippling. When merchants sign a contract with a payment processor or acquirer, they agree to pay fines if they do not comply with PCI DSS. Depending on the processor, fines can range from $5,000 to over $100,000 USD per month, based on the size of the merchant and the extent of the non-compliance. An actual breach of customer card data can, of course, be even more devastating.



Understanding your PCI scope

A key concept in PCI DSS is a merchant’s “PCI scope”: the set of systems, people, and processes that store, process, or transmit cardholder data, or that could affect its security. The more of your environment that interacts with raw card data, the larger your scope, and the more of the PCI requirements you are responsible for implementing and evidencing.

As a PCI DSS Level 1 certified payment processor, PayU offers merchants a variety of ways to reduce PCI scope, limit responsibility and risk, and remain compliant.

Reducing PCI scope

See how tokenization can help you reduce your PCI scope and stay compliant.

How PayU can help you remain PCI compliant


PayU offers several ways to help you ensure your PCI compliance. The way you collect a customer’s card details determines how much of your environment falls into scope; once the details are captured, universal tokens and PayU’s PCI-compliant token vault reduce your compliance scope significantly, because raw card numbers never need to be stored on, or pass through, your own systems. Your systems hold only a token that references the card, while the card number itself stays in the vault.

With reduced exposure to PCI DSS requirements, you save on compliance costs while at the same time offering your customers a more secure payments experience.
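To make the scope-reduction argument concrete, here is an added example of how a tokenization vault separates the merchant’s data from the cardholder data. It is illustrative code written for this page, not PayU’s own API or vault implementation: the `TokenVault` class stands in for a processor-side vault (a real one lives inside the processor’s PCI DSS environment and encrypts card numbers at rest), the merchant side keeps only the token and display data, and `contains_pan` is a crude scan of the kind a merchant might run over its own database to confirm that no card numbers have leaked into it. The card number used is a constructed test number, not a live card.

```python
"""Illustrative tokenization vault showing PCI scope reduction.

Constructed example (not PayU code): the vault is the only component that
ever holds a PAN; the merchant record never contains one.
"""
import hashlib
import hmac
import json
import re
import secrets


def luhn_valid(pan: str) -> bool:
    """True if a 13-19 digit string passes the Luhn check (well-formed PAN)."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Processor-side vault (hypothetical): exchanges PANs for random tokens."""

    def __init__(self) -> None:
        # Per-vault secret used only to build a lookup index; a plain hash of
        # the PAN would be brute-forceable because PAN space is small.
        self._index_key = secrets.token_bytes(32)
        self._pan_by_token: dict[str, str] = {}
        self._token_by_index: dict[str, str] = {}

    def _index(self, pan: str) -> str:
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        """Return a token for the PAN; the same card always maps to the same token."""
        pan = pan.replace(" ", "")
        if not luhn_valid(pan):
            raise ValueError("not a well-formed card number")
        idx = self._index(pan)
        token = self._token_by_index.get(idx)
        if token is None:
            # The token is random, not derived from the PAN, so a leaked token
            # reveals nothing about the card and cannot be reversed offline.
            token = "tok_" + secrets.token_urlsafe(18)
            self._token_by_index[idx] = token
            self._pan_by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """Only the processor's own authorization path should ever call this."""
        return self._pan_by_token[token]


def merchant_record(vault: TokenVault, pan: str, expiry: str) -> dict:
    """What the merchant stores: token plus display data, never the PAN."""
    digits = pan.replace(" ", "")
    return {
        "token": vault.tokenize(digits),
        "last4": digits[-4:],      # truncated display value, permitted by PCI DSS
        "expiry": expiry,
    }


# Crude cardholder-data scan: any Luhn-valid run of 13-19 digits counts as a PAN.
PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def contains_pan(blob: str) -> bool:
    return any(luhn_valid(m.group()) for m in PAN_RE.finditer(blob))


def record_is_out_of_scope(record: dict) -> bool:
    """True if serialising the merchant record exposes no card number."""
    return not contains_pan(json.dumps(record))


if __name__ == "__main__":
    vault = TokenVault()
    rec = merchant_record(vault, "4111 1111 1111 1111", "12/29")   # constructed test PAN
    print(rec)
    print("merchant store out of scope:", record_is_out_of_scope(rec))
```

The point of the example is the boundary: `merchant_record` is the only thing the merchant persists, and it contains nothing a `contains_pan`-style scan would flag, whereas a log line such as `card=4111111111111111` would be. Whether the merchant’s card-capture form itself stays out of scope depends on how the card details reach the vault, which is why the collection method matters as much as the storage.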