Although PayPal – or any other third-party service provider – is ultimately storing, processing and transmitting the cardholder data, as a merchant your business is the one accepting that information. Therefore, it is your responsibility to ensure that your online environment has the ability to protect the security of the payment process.
In response to the ever-increasing threat of fraud and identity theft in today’s world of eCommerce, credit card companies got together back in 2004 to compile a set of payment security regulations aimed to pass on more of the responsibility for protecting client data to merchants. These regulations are today called the Payment Card Industry Data Security Standard (PCI DSS) and are overseen by an independent Council.