What is PCIDSS?

Wed 20th Nov 2013

As there is a rise in Data Theft… a new security system called PCIDSS has been created. It is a security standard that all businesses, if they deal with Credit and Debit Card Transactions, regardless of how often, or small the transactions are, have to comply with.

PCIDSS stands for “Payment Card Industry Data Security Standard” and it has been set by Visa and MasterCard. It consists of completing a 12 step process to go through to become compliant. Being compliant is sort of having “insurance” in case of a breach.

If you fail to be compliant, you will be charged non-compliance fines MONTHLY which you might not know about!

"Why do I need to be compliant?"
Every business that deals with, stores, transmits or processes ANY Credit & Debit card data needs to be compliant. However little or large the amount of data.

"But I know exactly who can see and where data I handle is & goes?"
Things like this don’t matter. There are far too many businesses for banks to go around and see who’s compliant. All they know is, if there’s no record of you being compliant in their records, they’re going to charge you a monthly fine for not being compliant.

"I've only got a small business, there won't be any data theft here."
Many people think this way. Although, did you know that in 2011 there was over £10,300,000 worth of fraud committed in the South West alone? Of which, 92% of the breaches occurred in small businesses. That “knew” there wouldn’t be any fraud under their roof.

"Okay, how do I become compliant?"
There are 12 requirements to a business becoming compliant, broken down into 6 steps. They are…
1) You have to work out what level merchant you are so you know what security you have to have.
2) Answer how do you process card data?
3) Choose which assessment (out of 5) to complete.
4) Create yearly policies and procedures
5) Create a staff awareness policy.
6) Certify your business.
(Each step is split into two parts)

For more detail on how to become compliant, contact us