What is Payment Card Industry Data Security Standard (PCI DSS)?

Payment Card Industry Data Security Standard (PCI DSS) is a Global Card Scheme initiative to make sure every entity that handles, stores or processes cardholder data does so in a secure way.

A major focus for PCI DSS is the technology used to collect, store and process card data. This makes PCI DSS compliance particularly important if you are operating the Direct integration model, because you collect and store payment details on your own systems.

The level of PCI DSS compliance required of you depends on:

  • The number of transactions you process, per card scheme, in each of your channels (such as eCommerce, point of sale, MOTO)
  • The way you integrate with us

The way you integrate with us determines the relative level of PCI DSS compliance required:

  • XML Direct - highest level required
  • XML Direct with Client Side Encryption - lower level required
  • XML Hosted (Hosted Payment Pages) - lowest level required

In the Hosted model, Worldpay is principally responsible for the collection, storage and processing of cardholder data, which helps reduce your costs for implementing the security measures needed for full PCI DSS compliance. For further details, talk to your Relationship Manager. Note that Worldpay is not the assessor - you must get your own level of PCI DSS compliance assessed independently.

For more information about PCI DSS, including its hardware and software standards, see the PCI Security Standards website. To help you comply with PCI DSS, the PCI Security Standards website also lists PCI-approved Qualified Security Assessors (QSAs), who can advise on your system's security (a chargeable service). Worldpay is not responsible for the content or operation of external websites.