Leaders Through Innovation
0333 323 3981
The aim of the Payment Card Industry Data Security Standard (PCI DSS) is to prevent any information that could be used to make a counterfeit card, or a fraudulent online transaction, from falling into the wrong hands. This includes the card number, the expiry date and three digit CVV number.
As a merchant, in order to accept payment card transactions, you will have agreed to abide by the operating regulations of your acquiring bank, which include:
How to carry out transactions properly
The major financial institutions have been enforcing PCI DSS since 2007 and have imposed fines on companies that have been found to be in breach of the rules.
Who must comply?
If a business is set up to take credit cards by any mechanism, then it needs to be compliant. It is a popular misconception that small companies processing only one or a few credit card transactions a year are exempt from these standards.
The deadlines for merchants to be PCI compliant have passed. This means that if you are a merchant, you are responsible for ensuring your business is compliant rather than waiting for the bank to notify you.
Should payment card data be compromised and a company found not to be PCI compliant, the fines and compensation requirements by the banks could be substantial. Several companies, including high profile retailers such as TK Maxx and Sony, have already received heavy penalties.
The regulations have so far been enforced in order of transaction volume, starting with the major “Tier 1” retailers that process over six million transactions per year and working down to “Tier 4” businesses that process up to twenty thousand cards annually.
It is the smaller Tier 3 and Tier 4 companies that are most at risk, since they may be fined or even barred from taking card payments if found to be in breach of the regulations.
Using our expertise and our relationships with PCI consultants and auditors, Xyone can help you to take control of your PCI DSS compliance with a straightforward three-step framework based on security, compliance and certification.
By guiding you through this framework, we will ensure that you not only have the technology foundation in place to meet PCI DSS, but also that information security within your operation extends beyond technology to encompass your people, culture, processes and physical environment, so as to keep it resilient, even in the event of a breach.
Contact us today to discuss your PCI DSS related requirements.
We are unique in the ability to work with businesses to take them through a three-step process to achieve security, compliance and certification, utilising strong relationships we have with consultants, auditors and certification bodies.
We are able to offer independent cyber security consultancy, advice and coaching to help you identify the cyber security needs of your business, and we can recommend solutions, services and training to mitigate the cyber risk.
Cyber security training can help your staff to proactively reduce the risk of a cyber attack to your business. We offer training to your management, employees and mobile workers to raise awareness and protect your assets.