PCI DSS Explained...

What is PCI DSS?

PCI DSS stands for Payment Card Industry Data Security Standard. It is the international benchmark that mitigates security risks and protects payment card data from attack. The standard is managed by the PCI Security Standards Council.

Who does PCI DSS apply to?

All merchants, card issuers, card acquirers and service providers that handle, transmit, store or process payment card information have to be PCI DSS compliant. In other words, any organisation that stores, processes or transmits cardholder data, including merchants with physical or online stores as well as banks, payment processors and third-party service providers, has to be PCI DSS compliant.

Contact our PCI Team >

When was the PCI DSS deadline?

Originally, June 30th 2005. Importantly though, PCI DSS compliance is a mandatory and continual requirement because technology becomes out-of-date and criminals develop new ways of breaching security. Therefore, once your organisation has met the standard, it must be maintained in order to ensure that sensitive data is kept safe and the reputation of your organisation is protected.

What are the penalties for non-compliance?

There is a range of consequences. Your organisation could be fined or have its card processing facilities withdrawn, and its reputation and credibility could be harmed by the bad press that follows if it is seen not to be protecting customers' card data according to the standard.


Action to Take

How to comply with the PCI DSS, do the following:

  1. Build and maintain a secure payment processing network
  2. Protect cardholder data
  3. Maintain a vulnerability management programme
  4. Implement strong access control measures
  5. Regularly monitor and test the network
  6. Maintain an information security policy


Why PCI DSS is necessary

PCI DSS is necessary because it helps to protect your customers and your business. In a recent survey carried out by a major card issuer, having personal or financial data stolen was the number one concern of cardholders. It is not hard to imagine the damage that can be done to a customer's private life, and to a business's revenue and continuity, when a security breach involving personal information occurs.

Data security is a shared responsibility; we expect it of others and they expect it of us.

Who sets the PCI DSS standard?

The standard is set, maintained and developed by the PCI Security Standards Council, an independent body. The standard was originally initiated by Visa and MasterCard and has now been adopted by the major card brands as a common approach to safeguarding sensitive data.

Why comply with PCI DSS?

Because protecting your customers' data protects your business and helps ensure its revenue and continuity. By becoming compliant, your organisation is given "Safe Harbour" against penalties from the card schemes in the event of a security breach. These penalties could be financial or, in the worst case, could entail having your card processing facilities withdrawn, which would significantly impact your business.
