SaaS startup? Here is a 5-minute primer on everything you need to know about PCI DSS 3.1

Photo credit: perspec_photo88 via VisualHunt / CC BY-SA

Up for some worry-inducing revelations to give you a SaaS reality check?

Here goes:

“This year (2015) cyber security has been grabbing the headlines following many high profile data breaches — expect that to continue into 2016. Firms are finally beginning to recognise that a determined and well-resourced adversary will find a way to breach their cyber protection regardless of the robustness of their defences. This is leading to firms focusing more on the data and systems that are most critical to their operations and how to reduce the risk to those assets”.

That was David Ferbrache, Technical Director at KPMG’s cyber security practice.

In the era of information and technology, the one factor that has risen to prime significance is Data Security.

When you’re a software business that handles your customer’s information, its importance gets blown up by multiple folds.

When you’re a SaaS business operating on the cloud, you’re bestowed with even more conveniences which also morph into risks. To state a few,

  • The access to data from anywhere at anytime (BYOD culture)
  • Flexible data sharing and collaboration capabilities which vary from firm to firm
  • The virtualization technology where a single server can hold, say, 10 virtual machines, which in turn carry 100s of customers’ data (in other words, hacking one server would equal hacking all of those machines)

Adding to the above nightmares, if you also happen to handle your customer’s sensitive payment details on a regular (and recurring) basis, you should be a data security evangelist — it should be your product’s guardian angel, not an afterthought.


Well, panic not. There is a solution — the PCI DSS compliance (and no, it’s not as complicated or intimidating as it sounds. You’ll realise that yourself once you’re done with this post).

Guess what? You’re at a pretty good place to begin your PCI DSS expedition. Below are two detailed write-ups to handhold you through the topic and get you all prepped up:

  • The basics first. Here’s a post that explains what PCI DSS compliance means, what the recent updates are and what it means to a PCI Compliant SaaS firm, and about the PCI DSS compliance options that Stripe and Braintree have for you at the moment: How Stripe and Braintree can help your startup maintain PCI 3.1 compliance
  • Now that you are knee-deep in sifting through the options to tackle data security head-on, here’s how Chargebee would do it for you, and would do it rather efficiently: Chargebee and PCI DSS 3.1

Have more questions on the data security front? Looking for explanations specific to your company/product? Well, type them out to support@chargebee.com and we’ll get back to you with the answers that you seek.


Sadhana Balaji is a product marketer at Chargebee. You’ll find her writing about the lessons, observations, and stories on the business of SaaS on the Chargebee blog.

Show your support

Clapping shows how much you appreciated Chargebee’s story.