
PCI DSS: what is it?


The PCI DSS standard was defined by credit card issuers and concerns, first and foremost, all e-commerce players whose websites transmit bank data. Complying with PCI DSS limits fraud by strengthening security. This avoids penalties in case of problems and lowers the commission rates on credit card payments, while making it possible to take part in certain calls for tenders. This certification is valid for 1 year.

PCI DSS is 1/3 organization, 1/3 documentation, 1/3 configuration.

PCI DSS: standard's content

The latest set of security standards, PCI DSS version 3.2.1, includes 12 primary requirements and more than 300 secondary requirements that reflect best security practices.

Beware of conventional wisdom: the fact that your host is PCI DSS certified does not make you PCI DSS certified. Even in the best case, 10% of the requirements can only be covered by the e-merchant.

  • Certification is done on a case-by-case basis, site by site.
  • The host meets some of these requirements; however, even in the best case, 10% of these requirements can only be covered by the customer. Beware of marketing offers!
  • When the service provider is PCI DSS certified, it chooses which requirements it wants to meet within its service offerings. It is therefore the responsibility of the subscriber to the offer to cover the other requirements in order to be PCI DSS compliant.

PCI DSS: a client / host job

Europ assistance

Rail Europe

« Choosing a hosting partner or a provider of electronic transaction management must be done in dialogue and in a transparent way. We must determine together who is doing what and who exactly meets the requirements. Security is therefore the business of all stakeholders in Internet business! »

Julien Mellul, Ecritel deputy General Director

  • Obtaining and maintaining PCI DSS certification can seem heavy and burdensome for e-merchants. That's why relying on a managed hosting provider, already certified, greatly eases this process.
  • With PCI DSS certification, Ecritel is increasingly committed to its e-merchant customers and demonstrates its desire to offer the best possible services.