What is PCI compliance and why is it important?

Published: 29/10/2018

If you run a business that takes card payments (whether face-to-face, online or over the phone), you’re responsible for ensuring that your customers’ card details are protected.

That doesn’t mean storing them safely on a spreadsheet; it means making sure that you’re compliant with the Payment Card Industry Data Security Standard (PCI DSS).

This standard requires you to apply appropriate controls over the storage, transmission and processing of cardholders’ details, so that their data is protected.

It is managed by the PCI Security Standards Council, founded by five major card brands: American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc.

Compliance is mandatory, so you need to be able to prove you’re compliant - if you can’t, you may face additional PCI charges every month. Plus, you’ll be putting yourself and your customers at risk of a data breach.

At Payzone, we have a team of PCI specialists who can help you become compliant. Find out more by calling 08082 781615.

Which businesses need to be PCI compliant?

If you accept card payments, or want to start accepting them, you need to be PCI compliant, no matter how big or small your business is.

You’ll have two months from the date you sign up with your card payment provider to prove you’re compliant, otherwise fines may be applied.

Levels of PCI Compliance

There are four different levels of PCI compliance. Each has its own specific requirements, and the level that applies to you depends on the number of payments you process each year:

  • Level 1 – if your business processes over 6 million card transactions each year.
  • Level 2 – if your business processes 1 million to 6 million card transactions each year.
  • Level 3 – if your business processes 20,000 to 1 million e-commerce transactions each year.
  • Level 4 – if your business processes fewer than 20,000 e-commerce transactions each year, or up to 1 million card transactions a year across all other channels.

PCI Compliance checklist

To become compliant, you’ll need to meet a number of security requirements, sometimes called a PCI checklist. There are 12 requirements in total, but you may not need to comply with all of them, depending on the type and volume of transactions you process. The 12 requirements, grouped by objective, are:

Build and maintain a secure network and systems

1. Install and maintain a firewall configuration to protect cardholder data.

2. Don’t use vendor-supplied defaults for system passwords and other security parameters.

Protect cardholder data

3. Protect stored cardholder data.

4. Encrypt transmission of cardholder data across open, public networks.

Maintain a vulnerability management program

5. Protect all systems against malware and regularly update antivirus software or programs.

6. Develop and maintain secure systems and applications.

Implement strong access control measures

7. Restrict access to cardholder data by business need to know.

8. Identify and authenticate access to system components.

9. Restrict physical access to cardholder data.

Regularly monitor and test networks

10. Track and monitor all access to network resources and cardholder data.

11. Regularly test security systems and processes.

Maintain an information security policy

12. Maintain a policy that addresses information security for all personnel.

You can read about these in more detail here.

How do I get PCI compliant?

If you’re looking to get your business PCI compliant, you’ll need to fill out an online PCI Self-Assessment Questionnaire. Also known as a ‘SAQ’, the questionnaire will cover the possible risks of your payment processes. This questionnaire needs to be completed every 12 months to stay compliant.

Depending on your business, the form can be up to 300 questions long, which can feel like a mammoth task, but remember, we are here to help you every step of the way.

For a small fee, our dedicated team of PCI specialists can guide you through the questions, and help you understand exactly what they mean, so you can answer them accurately and sufficiently to avoid any monthly fines.

Need to get your business PCI compliant? Start taking safe and secure payments with Payzone, with no setup fees or admin charges. Get your free quote now.
