PCI:DSS (Payment Card Industry Data Security Standard)
PCI DSS is the worldwide Payment Card Industry Data Security Standard that was set up to help businesses process card payments securely and reduce card fraud. This is achieved through enforcing tight controls surrounding the storage, transmission and processing of cardholder data that businesses handle. PCI:DSS is intended to protect sensitive cardholder data.
Every business that processes card payments is required to have a yearly PCI DSS compliance assessment to ensure that they are abiding by card brand rules. We can provide the consultancy to help you understand your organisation's obligations under PCI:DSS and what you need to do to comply with the requirements of the standard.
Benefits of PCI:DSS For Your Company
Complying with PCI:DSS shows that your company is dedicated to securing your customers' information and minimising the risk of card fraud. It is not only a requirement to have a yearly PCI:DSS compliance assessment, but it also reassures your customers that they can trust you to keep your systems and their information secure.
Being compliant with PCI:DSS also greatly reduces any hefty financial charges you may face in the event of an attack. PCI non-compliance can result in penalties ranging from £4,000 upwards per month by the credit card companies.
PCI:DSS Self Assessment
If you take card payments you are contractually required to attest that you comply with PCI:DSS. Many organisations fall into the category that allows self-assessment through submission of self-assessment questionnaires (SAQs) to their merchant bank. The self-assessment requires senior management sign-off and implies that all the necessary controls are operational and regularly tested.
However, guidance on how to undertake self-assessment often leads to confusion and makes it hard to determine which process to follow, which elements of your business are in scope, and which PCI:DSS compliance requirements are applicable to your operations. Let the experts help you!
Our Approach to PCI:DSS Self-Assessment
We hold a workshop with your IT and business teams to determine where and how card payments are taken. We determine the compliance obligations of your business based on the nature and volume of processing. Our consultants will work with you to assess your compliance against the individual PCI:DSS requirements applicable to your organisation's processing activities.
We will identify the steps you need to take to reduce the PCI:DSS scope or compliance obligations, and those required to address the remaining compliance gaps.
Reduced Risk of a Data Breach
Complying with PCI:DSS means a reduced risk of a data breach occurring, as merchants have to take additional security measures and prohibit the storage of cardholder information.
Improve Brand Reputation
Investing in payment card security will reassure your customers or clients that you are taking the correct measures, and they should have no doubt about doing business with you!
Avoid hefty fines
PCI:DSS non-compliance can result in penalties ranging from £3,000 to £80,000 per month by the credit card companies.