What is PCI DSS?

Like many organisations regulated in their respective fields, card acquirers such as Barclaycard are members of Card Schemes such as VISA and MasterCard. At the end of 2004, Visa and MasterCard aligned their respective security and data protection programmes to improve security at an industry level, creating the Payment Card Industry Data Security Standard (PCI DSS). The Payment Card Industry Standard Security Council (PCI SSC) was then created, and the PCI SSC now defines the standard. PCI DSS is a worldwide programme, also endorsed by Amex, Diners and JCB.

PCI DSS is not a standard for standard's sake; it is a collection of good, standard data security practices that any organisation should already have in place. It just happens to focus specifically on cardholder data. You may find that you are already a long way towards fulfilling the requirements of the standard. PCI DSS is about preventing card payment information held by merchants, or their third parties, from being used fraudulently, and about avoiding all the consequential financial and reputational losses associated with this.

If you want to access the detailed standard, please visit the PCI Standard Security Council site.

Barclaycard began a PCI DSS-related communication programme in 2007 and has sent many letters, leaflets and inserts with statements, placed messages on statements, and asked a partner company to email and call merchants in an effort to communicate the requirements to all merchants.
