The PCI DSS standard was defined by credit card issuers and concerns, first and foremost, all e-commerce players on whose websites bank data is transmitted. Complying with PCI DSS limits fraud by strengthening security. It also avoids penalties in case of problems, lowers the commission rates on credit card payments, and supports participation in certain calls for tenders. The certification is valid for 1 year.
PCI DSS is 1/3 organization, 1/3 documentation, 1/3 configuration.
PCI DSS comprises about 220 requirements and 12 rules that the host and its e-merchant must meet.
Beware of a common misconception: the fact that your host is PCI DSS certified does not make you PCI DSS certified. Even in the best case, 10% of the requirements can only be covered by the e-merchant.
« Choosing a hosting partner or a provider of electronic transaction management must be done in dialogue and in a transparent way. We must determine together who is doing what and who exactly meets the requirements. Security is therefore the business of all stakeholders in Internet business! »