The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. The standard was created to increase controls around cardholder data and reduce card fraud.
Merchants that want to process, store or transmit card data will need to be PCI compliant. With SIBS, Merchants can choose to use the FORM, which is already fully PCI compliant, with no need for any certification from the store. The “Server-to-Server” API integration variant requires the Merchant to collect the card data, which increases the Merchant's PCI-compliance requirements.
PCI 3-Step Process
Assess
Identifying cardholder data, taking an inventory of IT assets and business processes for payment card processing, and analysing them for vulnerabilities;
Remediate
Fixing vulnerabilities and eliminating the storage of cardholder data unless necessary;
Report
Compiling and submitting required reports to the appropriate acquiring bank and card brands.