PCI DSS is a multi-faceted security standard that includes requirements for data security and helps organisations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats.
From October 1 PCI compliance will go from best practice to mandatory. All merchants processing less than one million transactions annually must process using a PCI DSS certified provider or provide certification of their own PCI DSS compliance to their acquiring bank. This mandate follows changes to Visa’s Account Information Security Programme.
Acquiring banks are required to provide reports to Visa and MasterCard on all merchants with non-compliance issues. The resulting fines levied by the card schemes can be high. Daily fines can be levied and card processing facilities can be suspended if your system subsequently experiences a security breach.
A commonly held myth is that merchants need only complete a self-assessment questionnaire to become PCI compliant. If they are using their own payment pages, merchants need to ensure that they comply with all 12 PCI DSS requirements.
Quarterly scans of the business network must be performed if cardholder data is stored, transmitted or processed on the network. This also applies to MOTO (mail order/telephone order) merchants that process card payments via a virtual terminal, even if they do not also process payments online.
PCI compliance can be very complex and costly in more ways than one for online businesses with limited resources. To tackle online debit and credit card fraud, the card schemes are constantly updating the security standards. Rigorous ongoing monitoring of PCI DSS compliance is often called for, which can be especially difficult for smaller businesses that often don’t have the in-house expertise to manage it.
Merchants can enroll in IP Pay's PCI compliance program, which will help them become compliant based on the merchant's payment processing package. IP Pay has also issued guides to getting PCI compliant, with information on what steps you need to take to meet the requirements.