What is PCI DSS?

The Payment Card Industry (PCI) Data Security Standard (DSS) is the worldwide benchmark that helps you safeguard your customers’ payment card data. As a merchant you are at the centre of payment card transactions. Compliance with PCI DSS will help to make you less vulnerable to payment card fraud and your customers less vulnerable to identity theft, and it will help to build customer trust.

There are billions of payment card transactions each year. Most of these go without a hitch, but payment card fraud and identity theft are increasing. More than 234 million records with sensitive information have been compromised since January 2005, according to the Privacy Rights Clearinghouse. Your customers rely on you to keep their payment card information safe and secure – repay their trust with PCI DSS compliance.

“The goal of the Payment Card Industry Data Security Standard is to protect Cardholder Data that is processed, stored or transmitted.” Payment Card Industry Security Standards Council

Who needs to be PCI DSS compliant?

  • Merchants/retailers
  • Ecommerce businesses
  • Service providers to merchants
  • Application developers
  • Manufacturers and handlers of devices used in card transactions

Any company that handles information held on payment cards is required to fully comply with PCI DSS regardless of how many card transactions it carries out. You have to renew compliance annually – either with an onsite security audit or self-assessment questionnaire. Think of it like an MOT certificate for your cardholder data security practices. Don’t lie on a self-assessment questionnaire – it changes the nature of the issue from a contractual argument to a criminal offence.

What risky behaviour does PCI protect against?

A survey of businesses in the US and Europe by Forrester Consulting found that:

  • 81% store payment card numbers
  • 73% store payment card expiration dates
  • 71% store payment card verification codes
  • 57% store customer data from the payment card magnetic stripe
  • 16% store other personal data

These types of activities are a huge risk to the businesses involved.

What does PCI compliance involve?

The PCI DSS is a comprehensive set of controls for enhancing payment account data security – common sense steps that reflect security best practices.

  1. Assess. Identify Cardholder Data within the business, identify where it is stored or processed, and analyse vulnerabilities that could expose it.
  2. Remediate. Fix vulnerabilities and do not store cardholder data unless you need it.
  3. Report. Compile and submit the required remediation validation submissions and compliance reports to the Acquirer. Otherwise have a QSA audit and submit a Report on Compliance.

A PCI DSS Qualified Security Assessor (QSA) firm such as Ascentor will help you to identify and implement the controls needed to achieve compliance first time and maintain it for the future.

The positive benefits of PCI DSS compliance

The time and money you put into becoming PCI certified is more than matched by the advantages it will bring.

  • It will protect your business from threats
  • It will protect cardholder data
  • It proves your organisation takes data security seriously
  • It will improve your reputation with payment partners
  • It increases customer trust, which means more sales and loyalty
  • It will strengthen your business

You’ve worked hard to build your business. Secure your success by protecting your customers’ payment card data with the PCI standard.

Article by Colin Dixon, Ascentor’s lead QSA for PCI DSS.

If you have a PCI DSS question, do get in touch. Based in Gloucester, UK, Ascentor helps businesses to achieve and maintain PCI compliance. PCI can be a complex process. We’re at your side every step of the way.
