If you run a business that takes card payments (whether face-to-face, online or over the phone), you’re responsible for ensuring that your customers’ card details are protected.
That doesn’t mean storing them safely on a spreadsheet; it means making sure that you’re compliant with the Payment Card Industry Data Security Standard (PCI DSS).
This standard makes sure that you are exercising the right controls around the storage, transmission and processing of cardholders’ details, so that their data is protected.
It is managed by the PCI Security Standards Council, founded by the five largest card brands: American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc.
It’s a mandatory requirement, so you need to be able to prove you’re compliant - if you can’t, you may face additional PCI charges every month. Plus, you’ll be putting yourself and your customers at risk of a data breach.
At Payzone, we have a team of PCI specialists who can help you become compliant. Find out more by calling 08082 781615.
If you accept card payments, or want to start accepting them, you need to be PCI compliant, no matter how big or small your business is.
You’ll have two months from the date you sign up with your card payment provider to prove you’re compliant, otherwise fines may be applied.
There are four different levels of PCI compliance. Each has its own specific requirements, and the level that applies to you will depend on the number of payments you’re processing each year:
To become compliant, you’ll need to meet a number of security requirements, sometimes called a PCI checklist. There are 12 requirements in total, but you may not need to comply with all of them, depending on the type and volume of transactions you process. These requirements can include:
1. Install and maintain a firewall configuration to protect cardholder data.
2. Don’t use vendor-supplied defaults for system passwords and other security parameters.
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
5. Protect all systems against malware and regularly update antivirus software or programs.
6. Develop and maintain secure systems and applications.
7. Restrict access to cardholder data by business need to know.
8. Identify and authenticate access to system components.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that addresses information security for all personnel.
You can read about these in more detail here.
If you’re looking to get your business PCI compliant, you’ll need to fill out an online PCI Self-Assessment Questionnaire. Also known as a ‘SAQ’, the questionnaire will cover the possible risks of your payment processes. This questionnaire needs to be completed every 12 months to stay compliant.
Depending on your business, the form can be up to 300 questions long, which can feel like a mammoth task, but remember, we are here to help you every step of the way.
For a small fee, our dedicated team of PCI specialists can guide you through the questions, and help you understand exactly what they mean, so you can answer them accurately and sufficiently to avoid any monthly fines.
Need to get your business PCI compliant? Start taking safe and secure payments with Payzone, with no setup fees or admin charges. Get your free quote now.