PCI DSS — mindex

PCI DSS (Payment Card Industry Data Security Standard) is the security standard every merchant, processor, or service provider handling credit card data has to follow. It's written by the card networks (Visa, Mastercard, Amex, Discover, JCB), not a government — non-compliance means you get cut off from accepting cards, which is effectively a death sentence for a retailer. The 300+ individual requirements come down to: encrypt card data in transit and at rest, segment the network that touches it, restrict who can access it, log everything, and prove it annually. The practical escape hatch most companies take is tokenisation via a payment gateway — if raw card numbers never touch your servers, your PCI scope shrinks from "full audit" to "easy self-assessment".