The PCI DSS standard has been defined by credit card issuers and concerns, first and foremost, all e-commerce players on whose websites bank data is transmitted. Complying with PCI DSS limits fraud by strengthening security. It avoids penalties in case of problems and lowers the commission rates on credit card payments, while making it easier to take part in certain calls for tenders. This certification is valid for 1 year.
PCI DSS is 1/3 organization, 1/3 documentation, 1/3 configuration.
The latest set of security standards, PCI DSS version 3.2.1, includes 12 primary requirements and more than 300 secondary requirements that reflect best security practices.
Beware of conventional wisdom: your host being PCI DSS certified does not make you PCI DSS certified. Even in the best case, 10% of the requirements can only be covered by the e-merchant.
« Choosing a hosting partner or a provider of electronic transaction management must be done in dialogue and in a transparent way. We must determine together who is doing what and who exactly meets the requirements. Security is therefore the business of all stakeholders in Internet business! »