PCI DSS Overview

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard, maintained by the PCI Security Standards Council, for organizations that store, process, or transmit branded payment card data. So, when you donate to a great cause or pay for a cool product/service using Visa, Mastercard, AMEX, etc., the nonprofit or business has a contractual obligation (enforced through the card brands and its acquiring bank) to keep your card data secure.

If you’re reading this, you’re likely the one with that obligation. Kudos to you for taking this responsibility seriously and for seeking a simple, secure payments solution.

The PCI DSS standard was created to increase controls around cardholder data and reduce card fraud by limiting where that data is exposed. You’ll need to validate your compliance with this standard annually. Organizations that transact in large volumes do this through an on-site assessment by an external Qualified Security Assessor (QSA), who produces a Report on Compliance (ROC); smaller merchants typically complete a Self-Assessment Questionnaire (SAQ) instead. (So many parentheses, so little time—we know.)

It can be a headache to comply with the PCI DSS as a nonprofit or business just trying to process transactions. Some of your business practices might need to change to comply, which can be expensive and add ongoing overhead. Processing transactions on your own puts a lot of risk in your court. That’s one reason why folks partner with PaymentSpring: to take that risk off their shoulders.

Our payments solution lets sensitive cardholder data completely bypass your infrastructure and head our way; your systems only ever see a token that stands in for the card. (Check out tokenization when ya get a sec.) This little detour significantly reduces PCI compliance headaches for business merchants and charitable organizations. You still validate every year, but when your servers never touch card data, that usually means a short self-assessment questionnaire rather than a full on-site assessment.
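To make the "bypass your infrastructure" idea concrete, here is an added simulation of the tokenized flow, written for this page rather than taken from PaymentSpring’s SDK or API. The class names, the `tok_` token format, and the test card numbers are assumptions; the processor is modeled as a simple in-memory vault. It contrasts the tokenized checkout with the legacy in-scope one, and ends with a scan of the merchant’s stored records for anything that looks like a card number, which is the check you actually want to run on your own systems.

```python
"""Simulated tokenized checkout (illustrative code for this page, not PaymentSpring's API)."""
import json
import re
import secrets


def luhn_valid(pan: str) -> bool:
    """Mod-10 check that every real card number passes (catches typos, not fraud)."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class Processor:
    """Stands in for the payment processor: the only party that ever stores the PAN."""

    def __init__(self):
        self._vault = {}  # token -> (pan, expiry); a real vault would be encrypted

    def tokenize(self, pan: str, expiry: str) -> dict:
        pan = pan.replace(" ", "")
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("invalid card number")
        # token_urlsafe yields no long digit runs, so a token can never be
        # mistaken for, or reversed into, a card number
        token = "tok_" + secrets.token_urlsafe(16)
        self._vault[token] = (pan, expiry)
        return {"token": token, "last4": pan[-4:]}

    def charge(self, token: str, amount_cents: int) -> dict:
        if token not in self._vault:
            raise KeyError("unknown token")
        # the PAN is used here, inside the processor, and never leaves it
        return {"approved": True, "amount_cents": amount_cents, "token": token}


class Merchant:
    """Merchant backend (assumed name): it gets a token and last four digits, never the PAN."""

    def __init__(self, processor: Processor):
        self.processor = processor
        self.orders = []

    def checkout(self, token: str, last4: str, amount_cents: int) -> dict:
        receipt = self.processor.charge(token, amount_cents)
        self.orders.append({"token": token, "last4": last4, "amount_cents": amount_cents})
        return receipt


def browser_checkout(processor, merchant, pan, expiry, amount_cents) -> dict:
    """Tokenized flow: the shopper's browser sends the PAN straight to the processor,
    and only the resulting token reaches the merchant."""
    t = processor.tokenize(pan, expiry)
    return merchant.checkout(t["token"], t["last4"], amount_cents)


def legacy_checkout(merchant, pan, expiry, amount_cents) -> dict:
    """In-scope flow: the PAN lands on the merchant server and in its records."""
    t = merchant.processor.tokenize(pan, expiry)  # merchant forwards the PAN itself
    receipt = merchant.processor.charge(t["token"], amount_cents)
    merchant.orders.append({"pan": pan, "expiry": expiry, "amount_cents": amount_cents})
    return receipt


PAN_RUN = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def find_pans(records) -> list:
    """Scan stored data for Luhn-valid 13-19 digit runs: a quick check that
    card data really did bypass your systems."""
    return [m for m in PAN_RUN.findall(json.dumps(records)) if luhn_valid(m)]


if __name__ == "__main__":
    proc, shop = Processor(), Merchant(proc)
    # constructed sample input: a well-known test card number, not a real account
    browser_checkout(proc, shop, "4111 1111 1111 1111", "12/30", 2500)
    print("tokenized records contain PANs:", find_pans(shop.orders))
    legacy_checkout(shop, "4111111111111111", "12/30", 100)
    print("after a legacy checkout:", find_pans(shop.orders))
```

Run it and the first scan comes back empty while the second flags the stored card number: the difference between those two lines is the difference in your PCI scope. The scanner itself is crude (a regex plus Luhn), but it is enough to catch card numbers that leak into order tables, logs, or support tickets.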

Five paragraphs cover this topic’s gist nicely, but if you’d like to learn more, check out our in-depth guide to PCI compliance.