PCI-DSS

What is PCI-DSS?


PCI-DSS stands for Payment Card Industry Data Security Standard. It is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

The standard was created to increase controls around cardholder data to reduce credit card fraud.

Key aspects of PCI-DSS include:

  • Building and maintaining a secure network

  • Protecting cardholder data

  • Encrypting transmission of cardholder data across open, public networks

  • Strong access control measures, including restricting physical access to cardholder data

  • Regularly monitoring networks

Compliance with PCI-DSS is mandatory for all entities that handle credit card transactions, including merchants, processors, acquirers, issuers, service providers, and all other entities that store, process, or transmit cardholder data and/or sensitive authentication data.


MergeBase and PCI-DSS?


The PCI-DSS standards apply only to payment processors. MergeBase is not a payment processor; therefore, these standards do not apply to us.


How Can MergeBase Help You Comply with the PCI-DSS?


The PCI-DSS standard requires taking a serious and proactive approach to cardholder data security. If your business involves processing payments on behalf of other companies where you have access to cardholders’ personal data, then you must comply with the PCI-DSS.

We can help you maintain compliance by reducing your attack surface area, continuously monitoring software, and providing a real-time vulnerability overview to improve software security.