E-commerce Payment Gateway Documentation – Beta Version 1.0 is now available.
Read Me
FAQMerchant APIHow-ToOur Access

PCI DSS Compliance

Understanding PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognized framework established by the Payment Card Industry Security Standards Council (PCI SSC). It is designed to ensure that businesses handling cardholder data—whether collecting, processing, storing, or transmitting it—maintain a secure environment.

PCI DSS compliance applies to all entities involved in payment processing, including merchants, payment processors, acquirers, issuers, and service providers.

Introduction to PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) is a globally recognized framework established by major card networks, including Mastercard, Visa, JCB, Diners, and American Express. It outlines a set of technical and operational security requirements designed to:

  • Protect cardholder data

  • Reduce fraud risks

  • Minimize vulnerabilities to data breaches and cyber threats

Adhering to PCI DSS not only enhances security but also helps businesses maintain customer trust.

Mandatory Compliance for Merchants

While PCI DSS is not a legal requirement, it is mandatory for any business that accepts credit card payments as per the card networks’ regulations. Non-compliance can lead to significant financial consequences, including:

  • Fines and non-compliance fees

  • Legal costs and forensic investigation expenses

  • Mandatory security audits and system upgrades

Key Considerations for PCI DSS Compliance

Before proceeding, it’s essential to understand:

  1. PCI DSS applies to the entire Cardholder Data Environment (CDE) – including all people, processes, and technology that collect, store, process, or transmit cardholder data.

  2. PCI DSS is an ongoing process, not a one-time event – businesses must validate their compliance annually by completing an official PCI SSC validation document.

Tietoevry's Role in PCI DSS Compliance

Managed Service delivery method and PCI DSS Compliance

Implementing PCI DSS in your business can be challenging, especially without an existing security framework for handling sensitive payment data. To minimize your PCI DSS compliance scope, Tietoevry provides integrated solutions that handle most PCI requirements.

The easiest way to maintain PCI compliance is by using Tietoevry's encrypted solutions, which ensure that you never handle or store unencrypted cardholder data.

However, while Tietoevry takes on a significant portion of PCI DSS responsibilities, your business still has compliance obligations since you accept credit card payments through your website, mobile app, or physical store.

Compliance Responsibilities

Tietoevry’s Responsibility

  • Tietoevry is responsible for securing cardholder data only after it has been received through the designated payment interface.

  • Once received, the data is managed within a PCI DSS Level 1 Service Provider Cardholder Data Environment, ensuring the highest level of security compliance.

Merchant Responsibility

  • Merchant are responsible for ensuring cardholder data security before it reaches Tietoevry.

  • Depending on your integration method, Merchant may also need to comply with PCI DSS cardholder data storage requirements if storing any payment data within your systems.

By leveraging Tietoevry's secure solutions and following best practices, you can effectively manage your PCI DSS compliance while ensuring a safe and trusted payment environment.

On-Prem Delivery Method and PCI DSS Compliance

Tietoevry's solution is fully prepared for PCI DSS-compliant deployment in customer environments, including on-premise data centers and public cloud infrastructures.

Our on-prem deployment ensures that businesses can maintain full control over their payment processing environment while meeting PCI DSS security requirements.

Key Features of On-Prem PCI DSS Deployment:

  • Deploy within your own data centers or preferred public cloud environment.

  • Ensures PCI DSS Level 1 compliance with strong encryption and access controls. Optimized for high-volume payment processing while maintaining low latency.

  • Tietoevry provides guidance and best practices to help you maintain PCI compliance within your infrastructure.

While Tietoevry's on-prem solution helps facilitate PCI DSS compliance, customers remain responsible for securing their own infrastructure, access controls, and any cardholder data managed outside of Tietoevry’s systems.

PreviousGlobal Integration CapabilitiesNextPCI DSS Glossary

Last updated

Was this helpful?