Expert comment on the latest developments in PCI DSS:
PCI Devil just tweeted: How to tell if your EPOS terminal is PA DSS approved...
Taking payment is an obvious and essential part of business, and there are an ever-increasing number of technological applications to take it. That's all well and good; enabling your customers to pay for your product or service - in the way that suits them - is all part of making it easy for them to do business with you.
However, what isn't so obvious, but still essential in terms of PCI compliance, is making sure that the payment applications you're using don't store your customers' card data. It doesn't matter whether you bought in a payment application or designed it in-house; the problem for you as a merchant is in knowing whether it stores that card data or not. If it does, you could fall out of PCI compliance the moment you press the "enter" button on your EPOS terminal without even realising it.
So how do you solve this problem?
Simple: just ask your Payment Service Provider (PSP) to tell you whether the application they have supplied you with is PA DSS approved. Doing this should not only confirm what type of card data your payment application is and isn't storing, it should also demonstrate to your PCI QSA that you are continually managing PCI compliance and not simply waiting for next year's round of tick boxes to come along. Ironically, that will get you a tick in the box!
As a qualified PA DSS QSA*, we work with Payment Service Providers (PSPs), reviewing their payment application technology in order to determine whether it stores customer payment card data.
If you'd like more advice or information, please call us and we'll be happy to discuss your situation and needs in confidence: 08450 212 151
*Payment Application Data Security Standard Qualified Security Assessor.




