PCI Data Security

The Payment Card Industry Data Security Standards (PCI DSS)

Many of our members operate card terminals and are therefore classed as ‘merchants’. If you are a merchant, your terminal provider may have already advised you on PCI DSS.

Compliance with these standards is now compulsory for all merchants who accept payment cards when offering goods and services. You must be PCI DSS compliant if you handle, process or store payment card details, whether on computers or on paper.

Merchants also need to verify that compliance is in operation through any third parties involved in their transactions.

There can be serious financial penalties for data security breaches, and for cases where card information is compromised as a result of non-conformance with PCI DSS. Compliance is also subject to renewal on an annual basis.

However, merchants need not feel anxious: the compliance process is straightforward, and help and advice are available in determining:

  • Levels of compliance
  • How to become compliant

There are 4 merchant levels of compliance. The level ascribed to a merchant is determined by the number of card transactions you accept per annum, per card scheme, and by the channel you use to accept those transactions.

The basic standards cover areas such as security management of data, policies and procedures. Common sense underpins the standards, and PCI DSS is not a new construct: it is based on existing ISO standards, which are essentially best practice. For compliance, you need to demonstrate that you have processes in place that:

  • Store card data securely
  • Limit access (internally and externally) to the data
  • Review, test and maintain security on a regular basis
  • Reflect a policy you have documented on your security processes and procedures

We recommend that you ask the advice of your acquiring bank (the organisation providing your merchant account) and that you visit the PCI Security Standards Council website.

You will also need the help and guidance of a qualified security assessor (QSA). One such organisation that has helped some WVFDTA members achieve compliance, and at low cost, is Security Metrics, 0844 561 1662.
