PCI DSS Compliance Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards and how they affect your on-line business.

Ensure that your new ecommerce website and your internal card payment structures and processes are PCI DSS compliant, or face fines of over £250,000.

All websites that offer the facility to accept payment via credit and charge cards are required to meet the latest Payment Card Industry and Payment Application Data Security Standards. These standards are requirements detailed in merchant account agreements, and there are no exceptions to the rules.

PCI DSS was introduced in response to the increasing threat of data theft: with millions of customer card records stolen, the card payment industry was forced to take action. To secure customer data and confidence, the card payment companies joined forces to create the PCI DSS standard.

WHAT IS PCI DSS?

Payment Card Industry Data Security Standards (PCI DSS) is a set of 12 comprehensive requirements designed to secure and protect customer payment account data. These rules must be adhered to by all online merchants; they are under constant review and can therefore change.

The 12 PCI DSS Requirements are:

BUILD AND MAINTAIN A SECURE NETWORK

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

PROTECT CARDHOLDER DATA

Requirement 3: Protect stored cardholder data

Requirement 4: Encrypt transmission of cardholder data across open, public networks

MAINTAIN A VULNERABILITY MANAGEMENT PROGRAM

Requirement 5: Use and regularly update anti-virus software

Requirement 6: Develop and maintain secure systems and applications

IMPLEMENT STRONG ACCESS CONTROL MEASURES

Requirement 7: Restrict access to cardholder data by business need-to-know

Requirement 8: Assign a unique ID to each person with computer access

Requirement 9: Restrict physical access to cardholder data

REGULARLY MONITOR AND TEST NETWORKS

Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 11: Regularly test security systems and processes

MAINTAIN AN INFORMATION SECURITY POLICY

Requirement 12: Maintain a policy that addresses information security

WHY DO YOU NEED PCI DSS?

PCI DSS applies to you if you are involved in storing, processing or transmitting any cardholder data. What’s more, the standard doesn’t just apply to storing data electronically. It also covers manual processing and storage.

Although not a legal requirement, compliance with PCI DSS is required by Visa, MasterCard and American Express, as well as by merchant account providers such as Barclaycard, HSBC, RBS WorldPay and Lloyds TSB. These merchant account providers are required to report the compliance status of merchant account holders to Visa, MasterCard and American Express, who will enforce hefty fines where non-compliance is found.

WHAT HAPPENS IF YOU DO NOT COMPLY WITH PCI DSS?

Failure to comply with the PCI DSS standards will result in fines. The schedule below details the fines that will be levied; as they are part of all merchant agreements, they are enforceable by your merchant account provider on behalf of Visa, MasterCard and American Express.

The figures below apply to Level 4 merchants only. If you are a Level 3, 2 or 1 merchant, the fines can be higher. For further clarification on fine details, please refer to your merchant account provider.

Non-compliance will result in card scheme fines being passed onto you, monthly non-compliance fines, and/or termination of your card processing facilities. The costs involved after a data security breach can be extremely high.

In the event of a data compromise, MasterCard and Visa rules require that a forensic investigation takes place. This can potentially cost you thousands of pounds, with no upper limit. Following the results of the investigation, the card schemes will levy the following fines.

MASTERCARD

$25 per card that needs re-issuing

$5 for each potential compromised card being monitored

An additional maximum of $100,000 fine per incident

$100,000 for storage of the card security code (CSC) also known as CVC2, CV2 or CVV2.

VISA

Initial Penalty of €10,000

Insufficient remediation €5,000

Monthly violation fee €10,000

Monthly violation fee after 5 months €15,000

The card schemes retain the rights to modify these fines and charges at any time. All fines are charged in the stated currency to avoid any conversion discrepancy.

In the event that you do not process payments on your website, but transact them through a third party or Payment Gateway provider, you technically may not need to be PCI DSS compliant, but would need to be PA DSS compliant. Business Internet Consultant recommends as best practice that you comply with the PCI DSS requirements and, if needed, the PA DSS requirements. Adherence to these security standards will protect you against the potentially unlimited fines that could be imposed upon you should the worst happen. Implementing these measures now is certainly a better solution than trying to defend your business on a technicality later.

DOES YOUR WEBSITE NEED TO BE PCI DSS COMPLIANT?

Under certain circumstances your website may not be required to be PCI DSS compliant. At Business Internet Consultant, we believe that all online businesses should work to best practice and ensure that their websites meet all of the necessary data security standards, even if this is not technically required of them at present. The Payment Card Industry is constantly reviewing the PCI DSS requirements and raising the minimum level of compliance, so it is always better to be prepared.

Published by on 13/09/2011 at 14:47.
Copyright © 2011 Business Internet Consultant. All Rights Reserved.