The Payment Card Industry Data Security Standard (PCI DSS) applies to companies that accept, process, transmit, or store credit card information. The Payment Card Industry Security Standards Council (PCI SSC) created the standard to improve payment security during the transaction process. PCI SSC is an independent body formed by the card brands Discover, MasterCard, Visa, American Express, and Japan Credit Bureau (JCB).

What Entities Does PCI DSS Cover?

Any organization that accepts, transmits, or stores cardholder data must comply with PCI DSS. This applies regardless of the number or size of transactions and covers transactions taken online and over the phone. The cards covered include credit, debit, and prepaid cards from any of the five participating brands. Here are some examples of organizations that must have PCI certification:

  • Merchants.
  • Financial institutions.
  • Point of sale vendors.
  • Hardware and software developers who create and operate payment processing infrastructure.

Why Is PCI Important?

PCI DSS aims to help organizations implement security technologies and processes that reduce their chances of a data breach. PCI certification also helps these organizations offer standardized, secure payment options to their customers.

PCI DSS protects all cardholder data, including the primary account number (PAN), service code, expiration date, and cardholder name. Data security matters because a breach affects many parties, from the cardholder to the organization. With PCI certification, your customers can trust you, and your organization maintains compliance.

Organizations without PCI certification are at greater risk of a security breach and may have to pay fines, replace cards, undergo audits, and repair their reputations.

How to Maintain PCI Compliance

Here is a PCI compliance checklist your healthcare organization can follow to achieve certification:

  • Install firewalls.
  • Use unique system passwords.
  • Use and regularly update antivirus software.
  • Develop and maintain secure applications and systems.
  • Encrypt data transmissions on open public networks.
  • Restrict access to cardholder data.
  • Monitor access to network resources.
  • Maintain an information security policy.

PCI compliance has four levels based on the number of card transactions annually:

  • Level 1: more than 6 million transactions
  • Level 2: 1 million to 6 million transactions
  • Level 3: 20,000 to 1 million transactions
  • Level 4: 20,000 or fewer transactions

Level 1 compliance requires a yearly internal audit and quarterly PCI scans. The other levels call for a yearly Self-Assessment Questionnaire (SAQ) and optional quarterly PCI scans.

Contact Agio Today

Agio will help your healthcare organization with PCI certification through compliance assessments and our PCI 360° compliance program. To learn more, contact us today.
