What is the PCI DSS?
Created by the major payment card brands (Visa, MasterCard, American Express, Discover, JCB), the Payment Card Industry Data Security Standard (PCI DSS) sets out the security requirements for any merchant or service provider that stores, processes, or transmits cardholder data. The PCI DSS grew out of the separate security programs developed by Visa and MasterCard, once the benefits of a single aligned standard became apparent.
- A merchant that stores the card verification code (CVV2/CVC2, the three- or four-digit code printed on the card) is in violation of the PCI DSS. This value must never be stored after authorization; it should be passed to the payment processor only at the time of purchase, to verify that the buyer has the physical card in hand.
- A merchant that has many employees, only some of whom process orders, and who all share the same Yahoo ID when accessing the store could be in violation of the PCI DSS. Merchants should restrict access to cardholder data to only those employees who need it to conduct business, and each such employee should have a unique Yahoo ID so that every action on cardholder data can be traced to one individual.
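The following is an added example, not Yahoo's code and not part of the original help page. It shows the first point in practice: a checkout routine that sends the verification code to the processor for authorization but never writes it to the order record, a guard that refuses to persist any sensitive authentication data, and a small audit that scans already-stored order records for forbidden fields or a plaintext full card number. The `authorize` function is a hypothetical stand-in for a real gateway call; the card data and order records are constructed sample input.

```python
"""Added example (not Yahoo's code): keep CVV/CVC out of stored order records."""
import re

# Sensitive authentication data that PCI DSS says must never be stored
# after authorization, however it happens to be labelled in a record.
SENSITIVE_AUTH_FIELDS = {"cvv", "cvc", "cvv2", "cvc2", "cid", "track_data", "pin"}


def mask_pan(pan: str) -> str:
    """Keep at most the first six and last four digits; the rest become '*'."""
    digits = re.sub(r"\D", "", pan)
    if len(digits) < 13:
        raise ValueError("card number too short")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def authorize(pan: str, expiry: str, cvv: str, amount_cents: int) -> dict:
    """Hypothetical stand-in for the processor/gateway call (assumption).

    A real store would call its acquirer here. The verification code is used
    only inside this call and is never returned or logged.
    """
    if not (cvv.isdigit() and len(cvv) in (3, 4)):
        return {"approved": False, "auth_code": None}
    return {"approved": True, "auth_code": "A1B2C3"}  # constructed sample code


def assert_no_sensitive_auth_data(record: dict) -> None:
    """Refuse to persist a record that carries any forbidden field."""
    leaked = SENSITIVE_AUTH_FIELDS.intersection(k.lower() for k in record)
    if leaked:
        raise ValueError(f"refusing to store sensitive authentication data: {sorted(leaked)}")


def checkout(order_id: str, card: dict, amount_cents: int) -> dict:
    """Authorize the purchase and return the record that is safe to store."""
    result = authorize(card["pan"], card["expiry"], card["cvv"], amount_cents)
    # The verification code is deliberately absent from the persisted record;
    # only a masked card number and the authorization outcome are kept.
    record = {
        "order_id": order_id,
        "masked_pan": mask_pan(card["pan"]),
        "expiry": card["expiry"],
        "amount_cents": amount_cents,
        "approved": result["approved"],
        "auth_code": result["auth_code"],
    }
    assert_no_sensitive_auth_data(record)
    return record


def audit_stored_orders(records: list) -> list:
    """Return order_ids of records holding forbidden fields or a plaintext full PAN."""
    flagged = []
    for rec in records:
        keys = {k.lower() for k in rec}
        has_plaintext_pan = any(
            re.fullmatch(r"\d{13,19}", str(v)) for v in rec.values()
        )
        if keys & SENSITIVE_AUTH_FIELDS or has_plaintext_pan:
            flagged.append(rec["order_id"])
    return flagged


if __name__ == "__main__":
    # Constructed sample checkout; the card number is a well-known test value.
    sample_card = {"pan": "4111 1111 1111 1111", "expiry": "12/29", "cvv": "123"}
    stored = checkout("ord-1", sample_card, 1999)
    print(stored)
    print("flagged:", audit_stored_orders([stored]))
```

Run the audit over a dump of existing order records before an assessment: any order it flags is one that was stored with a verification code or an unmasked, unencrypted card number and needs to be cleaned up, not just excluded from future writes.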
Note: Yahoo can only provide general suggestions as to what may constitute a violation of PCI DSS. The PCI Security Standards Council determines the specific requirements of the PCI DSS. It is the responsibility of merchant account providers, working in conjunction with merchants or qualified security assessors, to determine what actions, policies, or practices may be needed by a merchant to comply with the PCI DSS.
The information provided here by Yahoo is for informational purposes only. Yahoo makes no representation as to the accuracy of this information and merchants are advised to use the links to the PCI Security Standards Council for the latest updates. Please note that the payment card association security programs may change without notice at any time.