PCI DSS Compliance


        Article Summary

PCI DSS (Payment Card Industry Data Security Standard) is an international standard that defines security requirements for the processing and collection of payment card data. The latest binding version of the current documents is available in English at this link.

        The measures resulting from the PCI DSS standard prevent the misuse of customer card data.

        What sensitive data needs to be protected

        • Payment cardholder data - card number, expiry date, cardholder's name.
        • Sensitive authentication data (CAV2 / CVC2 / CVV2 / CID codes, complete magnetic stripe data, personal identification number (PIN)).

        The merchant is required to familiarize themselves with and comply with the PCI DSS standard. In practice, e-commerce and non-e-commerce merchants, i.e. clients with a payment gateway and those with a payment terminal, have somewhat different obligations.

        Payment gateway

From the perspective of the e-commerce merchant, it is sufficient to demonstrate the use of a PCI DSS certified service provider or solution in which the merchant never comes into contact with the payment card number. This is the case with the Comgate payment gateway: everything takes place securely within the payment gateway environment, and the merchant has no access to card data and does not receive, transfer or store this data in its own systems (cash register, accounting system). Therefore, if the merchant implements the Comgate payment gateway in the standard way according to the instructions (and does not collect card data anywhere else), there is nothing further for the merchant to address. Comgate is PCI DSS top-level certified, so clients with a payment gateway do not need to take any additional measures when it is implemented correctly.

        Payment terminals

        The merchant is responsible for the protection of cardholder data, especially at the point of sale, and for its possible transfer to the cash register or other computer system. The setup and security of the systems must be handled in such a way that the cardholder data is not compromised, including the systems of your suppliers. The best practice to minimise the possibility of sensitive data being stolen is not to store any card data.

The merchant must therefore take measures on the premises so that, for example, security cameras do not capture the terminal keypad where the customer enters the PIN, and the area where paper receipts from the terminal are stored is protected (if the receipts contain sensitive data).

        Comgate cannot vouch for the measures resulting from the layout and design of the premises, but as far as the transmission of data from the terminal is concerned, everything is secured in accordance with the PCI DSS standard. Therefore, as with a payment gateway, if the terminal is set up as instructed, the merchant does not need to take any additional measures to protect the card data during transmission.
