What is PCI Compliance

The PCI Acronym in the Online Shopping Context

The IT industry is awash with acronyms, with which we pepper our conversations. Often some of the people in the conversation don’t actually know what they stand for, but keep talking as if they do.

Which is exactly what happened to my colleague Max and me a while back. We were deep into a corporate ecommerce conversation about online store security when the PCI Compliance question came up.

‘So the new site will be PCI Compliant?’ said the customer.

‘Of course!’ we both answered almost simultaneously.

Then the customer did the unthinkable and asked, ‘What does PCI Compliance stand for?’

Max and I were stumped.

For a while, we floundered around, desperately trying to cobble the right combination of words together, but it was obvious that we simply did not know. So, we apologized while trying not to look stupid. I resolved to find out and to write this article!

PCI Compliance

Believe it or not, in the ecommerce context PCI comes in 16th on the list of acronyms with the letters PCI! You can check the list if you have the time here:

And to relieve the suspense... PCI stands for Payment Card Industry, which has created a council that acts as a forum and watchdog for online payments and account data protection. The council looks at the hardware and software areas related to online credit card payments.

Their full name is The PCI Security Standards Council. They say, “The security benefits associated with maintaining PCI compliance are vital to the long-term success of all merchants who process card payments.” This makes sense for all of us in the online commerce industry.

The council provides a number of resources to help the industry adhere to the standard and resolve compliance issues. These include Assessors, Scanning Vendors, Payment Application Assessors and forensic investigators.

What Compliance Means for Online Store Merchants

Most ecommerce stores use a payment gateway for credit card processing, which takes most of the PCI compliance work away from the online store itself. Payment gateway vendors and other organizations that handle credit card data directly can be subject to a PCI Audit that determines whether they may continue to service their clients.

Compliance items that are important for merchants and IT staff who support merchant systems:

  • Never store cardholder data
  • Encrypt all cardholder data transmitted over public networks (SSL)
  • Ensure that all online store software has the latest security patches applied
  • Ensure that you have a security policy that is followed by all personnel who access the hardware or data
  • Monitor access to admin and backend operations – all users should have unique logins
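
A practical way to check the first item on that list is to scan your own logs and exports for card numbers that should never have been written there. The following is an added example, not code from the original article: it looks for 13 to 19 digit runs, keeps only those that pass the Luhn check (which every real card number does), and reports them masked so the scan output itself does not become a new copy of the data. The log lines are constructed for the example.

```python
import re

# Constructed sample lines that mimic an online store's application log.
# Line 1 leaks a full card number, line 3 is a random number that fails
# Luhn, line 4 leaks a number written with spaces between digit groups.
SAMPLE_LOG_LINES = [
    "2016-07-03 10:15:02 INFO order=1001 card=4111111111111111 status=approved",
    "2016-07-03 10:15:09 INFO order=1002 token=tok_9f3a status=approved",
    "2016-07-03 10:15:31 DEBUG trace id=4111111111111112 ref=abc",
    "2016-07-03 10:16:00 INFO order=1003 card=5500 0000 0000 0004 status=declined",
]

# A run of 13-19 digits, optionally separated by single spaces or dashes,
# not preceded or followed by another digit.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return the card-like numbers in text that pass the Luhn check."""
    hits = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def mask_pan(pan: str) -> str:
    """Keep only the last four digits so findings can be shared safely."""
    return "*" * (len(pan) - 4) + pan[-4:]


def scan_lines(lines) -> list:
    """Return (line_number, masked_pan) for every stored card number found."""
    return [(n, mask_pan(pan)) for n, line in enumerate(lines, 1) for pan in find_pans(line)]
```

Run `scan_lines` over exported log files or database dumps; any finding means cardholder data is being stored and the write path needs to be removed, not just the file.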

You can read much more about compliance here:


Published 3 July 2016
