Published on July 15th, 2014 | by Sally Wenham

It Pays To Comply With Payment Card Industry Data Security Standards

For any business that takes credit or debit card payments, it is imperative to comply with the Payment Card Industry Data Security Standard (PCI DSS), set out by the PCI Security Standards Council. PCI DSS is a security standard that applies to every organisation that stores, processes or transmits credit and debit card data; it is enforced through the card brands and acquiring banks rather than by law, but the contractual obligation is real. Using a hosted payment solution, where the card details never touch your own systems, reduces the scope of what you must validate, but it does not remove the obligation altogether: the remaining requirements of PCI DSS must still be adhered to.

The risk of fraud affecting both businesses and shoppers has been well documented, notably for online transactions, where viruses, worms, Trojan horses and spyware on either the merchant's or the customer's systems can all lead to card data being stolen. Yet a recent survey we've seen here at the Post Office Shop, conducted by Sage Pay, claims that almost half of companies (42 per cent) do not even know whether they are PCI DSS compliant.

Covering payments made online as well as by mail, over the phone and on card machines, PCI DSS aims to improve the security of the entire payment card data process, from prevention through detection, and it also provides guidance on handling the security incidents that do occur.

So how does an e-commerce business become PCI DSS compliant? Even an SME that is just launching an online shop needs to be familiar with the most recent version of the standard. PCI DSS is a global framework that reduces the risk of fraud by setting out 12 requirements:

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Protect all systems against malware and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to data by business need to know
  8. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for all personnel

It certainly pays to be PCI DSS compliant: the cost of a breach, in fines, card brand penalties and lost customer trust, far outweighs the cost of meeting the requirements. You have been warned!

