Shopify Merchant Account 256-bit Encryption Level 1 PCI Compliant information.

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes.

The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) or by a firm-specific Internal Security Assessor (ISA) that creates a Report on Compliance for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

Five different programs were started by card companies: Visa's Cardholder Information Security Program, MasterCard's Site Data Protection, American Express's Data Security Operating Policy, Discover's Information Security and Compliance, and JCB's Data Security Program. The intentions of each were roughly similar: to create an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process and transmit cardholder data.

The Payment Card Industry Security Standards Council (PCI SSC) was then formed and these companies aligned their individual policies to create the PCI DSS.

There have been a number of versions:

1.0 was released on December 15, 2004.
1.1 in September 2006 provided clarification and minor revisions.
1.2 was released on October 1, 2008. It enhanced clarity, improved flexibility, and addressed evolving risks and threats.
1.2.1 in August 2009 made minor corrections designed to create more clarity and consistency among the standards and supporting documents.
2.0 was released in October 2010.
3.0 was released in November 2013 and was active from January 1, 2014 to June 31, 2015.
3.1 was released in April 2015, and has been retired since October 31, 2016.
3.2 was released in April 2016.

The PCI Data Security Standard specifies twelve requirements for compliance, organized into six logically related groups called "control objectives." These six groups are:

Build and Maintain a Secure Network and Systems
Protect Cardholder Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy

Each version of PCI DSS has divided these twelve requirements into a number of sub-requirements differently, but the twelve high-level requirements have not changed since the inception of the standard.