PCI Compliance

What is PCI compliance?

Payment Card Industry Data Security Standards (PCI DSS) are network security and business practice guidelines adopted by Visa, MasterCard, American Express, Discover Card, and JCB to establish a 'minimum security standard' that protects customers' payment card information. Compliance is a requirement for all merchants that store, transmit, or process payment card information.


Who created the PCI DSS standard?

The Payment Card Industry Security Standards Council (PCI SSC) was formed in September 2006 by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB) as an independent body to administer and manage the PCI DSS standard.


Why was the PCI DSS standard created?

The PCI DSS standard was created in response to a spike in data security breaches related to credit card use, and to prevent credit card fraud by increasing the controls around card data and reducing the chance of it being compromised through exposure.


Who needs to comply with the PCI DSS standard?

PCI DSS applies to ALL organisations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data. In other words, if any customer of an organisation makes a direct payment to the merchant by means of a credit card or debit card, then the PCI DSS standard applies.


Is PayU PCI compliant?

PayU adheres to international PCI (payment card industry) compliance standards for data security for the credit card data handled by PayU. All internal processes strictly adhere to the PCI DSS Level 1 certification, the highest level that can be achieved.


Should I become PCI compliant?

PCI compliance requires the merchant to do the following:

  • Build and maintain a secure network to protect payment card information
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Pass quarterly remote vulnerability scans

Merchants using the PayU redirect integration method (either on Easymerchant or PayU business) are not required to be PCI compliant, as their customers are redirected to PayU, which then handles the card data on the merchant's behalf.

Merchants using the Enterprise API integration method are strongly advised to investigate the possibility of becoming PCI compliant, as they will handle and transmit card data themselves. The best starting point would be to complete the self-assessment here.


For more information we advise that you contact the nearest Qualified Security Assessor (QSA).