The Payment Card Industry Data Security Standard (PCI DSS) was developed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International. The goal of the PCI DSS is to facilitate the adoption of consistent data security measures on a global basis, helping organizations proactively protect customer account data. All entities that accept credit or debit card payments, or that collect, process or store credit card transaction information, regardless of their transaction volume, were required to meet the PCI DSS by 2005. Failure to comply with the PCI security standard may result in substantial fines or permanent expulsion from card acceptance programs. The 12 items explicitly covered by the PCI DSS are detailed here: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
Realex is fully PCI compliant to the highest level of PCI, and was one of the first PSPs in Europe to deliver this, with Level 1 certification achieved in October 2003. We appeared on the VISA website as a case study on implementing the PCI DSS.
Today, non-compliance can put a business out of business. Organisations face constant demands to ensure compliance with legislation, local requirements and contractual commitments. Realex Payments offer solutions so that a merchant does not have to process or store card numbers, and therefore does not have the full overhead of complying with all PCI requirements relating to card numbers. Instead of accepting the card details on the merchant web site, the merchant redirects the cardholder to Realex Payments' Secure Hosted Payments Page to enter their card details. Realex pass back the authorisation information to the merchant, excluding the card number, so the merchant never sees the card number. Full details of our services are available on our website.
The other concern for merchants is data privacy. In many countries there are very strict laws governing data privacy, so know your responsibilities. While it is useful and necessary to retain transaction data, remember that you now collect a lot more data from your customers than in the past: email addresses, IP addresses, postal addresses, etc. Customers have the right to expect that you will not use this information for anything other than the purpose for which it was given to you, and that you will protect it.