PCI DSS Compliance Guide
In card payments, the card data (card number, expiration date, CVV) is highly sensitive user information that, if compromised, can be used directly for card fraud. The card industry therefore maintains a dedicated technical compliance framework, PCI DSS, that strictly limits how sensitive card data may be accessed, stored and used.
PCI DSS stands for Payment Card Industry Data Security Standard. It is a global standard used to protect cardholder data. It was developed with the participation of the major card organizations (e.g. Visa, MasterCard, American Express, etc.), and its purpose is to require a secure environment of any organization that processes, stores or transmits card data. The standard plays a vital role in preventing card fraud and data breaches.
According to the card organizations, every merchant that accepts card payments must comply with the PCI DSS requirements. The standard applies globally, and the card organizations impose penalties on organizations that do not comply. Compliance is not free: costs include, but are not limited to, site assessment fees and security update fees and, in the event of a breach, breach assessment fees, legal fees and forensic investigation fees. Compliance must also be validated annually by completing the official PCI SSC validation document that verifies conformance with the PCI DSS standard.
Note:
Merchants that collect, process, store or transmit cardholder data (e.g. card number, CVV, expiration date, etc.) must comply with the PCI DSS requirements, complete PCI DSS validation and submit the supporting documentation to PayerMax. PayerMax reviews the submission within 1 to 3 days.
If a merchant wants to accept card payments but does not want to take on the cost of PCI DSS validation, there are two options, both of which keep the merchant's own systems from collecting or storing raw card data:
Use an integration mode that has no PCI DSS requirement for the merchant: Cashier Payment, Drop-in Payment or Pay by Link, where the card data is entered into PayerMax-provided pages or components rather than the merchant's own forms.
Use Tokenization under direct API payment, so that the merchant stores and reuses a PayerMax token instead of the card data itself.