
PCI compliance

Data security is a high-profile issue, with security breaches being discovered regularly. The payment card industry is fighting against security breaches with PCI DSS.

Understanding PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a global benchmark mandated by the card schemes (Visa, MasterCard, American Express, JCB and Discover) for the protection of cardholder information. PCI DSS applies to every acquiring bank, merchant and third party that accepts or processes debit and credit cards, regardless of the industry they operate in. This standard has been created in order to address the increasing numbers of security breaches and levels of card fraud.

The PCI DSS standard is a significant move forward in the ongoing global fight against card fraud. It represents the next major initiative following the successful rollout of Chip & PIN in the UK. To gain compliance, organisations need at their disposal the appropriate technology, supporting processes and training of employees.

Specialist skills and expertise are required in order to become compliant and ensure the right choices and decisions are taken.

Costs of non-compliance

A security breach and the inevitable bad publicity following a high-profile breach can have a significant impact on an organisation’s brand and reputation. PCI DSS compliance is becoming an increasingly important topic as the number of security breaches reported grows each week. Last year over 150 incidents were reported in the USA alone, involving millions of card details and millions of dollars’ worth of losses. The standard applies to all merchants, whether they trade online or through physical stores.

It is vital that any company that processes, stores or transmits payment transactions (and therefore personal card data) realises the risks of non-compliance with PCI DSS, which include damage to brand reputation, fines of many thousands of pounds, or even being prevented from accepting cards in the future.

The Road to Compliance


The first practical step for most organisations towards compliance is to conduct a gap analysis assessment. Knowing where you stand against this comprehensive standard is the first critical step; companies that have already engaged Quantix to perform a gap analysis have found it invaluable in gauging the extent of the problem they are facing.

The standard is wide-reaching and can impact many parts of an organisation including IT, Human Resources, Finance and Operations.

To achieve compliance with the standard, organisations must meet all 12 key requirements of the standard, which translates into meeting 232 individual controls. 

For more information on PCI Compliance and how Quantix can help please contact us:

Telephone on 0115 983 6200
E-mail at enquiries@quantix-uk.com
Complete an online contact form
 
