Payment Card Industry (PCI) security is essential for any business that takes debit or credit card payments. The PCI Data Security Standard (PCI DSS) is the standard for companies that store, process or transmit customers' card details. In this blog we will explain the benefits of PCI DSS and how you and your company can meet the standard.
What is the PCI Data Security Standard?
The Payment Card Industry Data Security Standard is an information security standard for any and all companies that handle customers' card data. The standard covers all types of payment card and all of the major card brands.
The PCI DSS is administered by the Payment Card Industry Security Standards Council, which was set up by the major card brands to reduce card fraud both online and offline.
PCI DSS applies wherever card data is stored, processed or transmitted, but for an online business its main value is lowering online fraud and giving customers peace of mind when entering their details on your website. Adhering to the standard lets you tell customers that you comply with it and that their details will be safe with you. This is a vital standard to follow if your business relies on online transactions.
Many payment service providers and acquirers (e.g. Barclaycard) tightened up their requirements in 2018, making the Self-Assessment Questionnaire (SAQ) harder for the layman to fill in. Hence the need for the consultancy and rectification services we offer.
What do I need to get the PCI Data Security Standard?
The standard itself requires you to put several security measures in place before you validate your compliance. Once you have met the following requirements you will have to either complete a self-assessment questionnaire, have an external body (like Bongo IT) inspect your network, or have a qualified internal staff member perform an assessment. Which route applies depends on how many card transactions you process a year and how you take payments; your acquirer will tell you which level and which questionnaire you fall under.
The basic rules outlined to reach the standard are as follows:
You must build and maintain a secure network - Install and maintain a firewall configuration that protects cardholder data, allowing only the traffic your payment systems actually need. Change all vendor-supplied default passwords and settings (on routers, switches, servers and card terminals) before the equipment goes live, and then change passwords regularly.
You must protect cardholder data - Keep the physical side of your data storage secure (a locked, access-controlled room) and store as little card data as you can. Full card numbers must be rendered unreadable wherever they are stored (encrypted, truncated or tokenised) and masked whenever they are displayed, and the CVV/CVC security code must never be stored after a transaction has been authorised. You must also encrypt card details whenever they are transmitted over open, public networks, for example with TLS between the customer's browser and your website.
You must maintain a vulnerability management program - Run anti-virus and anti-malware software on all systems commonly affected by malware, keep it updated and run regular scans. Keep operating systems and applications patched, installing critical security patches promptly (PCI DSS expects them within a month of release). You should also avoid installing unnecessary programs or applications, as every extra piece of software is something more to patch and protect.
You must implement strong access control measures - Restrict access to cardholder data to the employees whose job requires it, and make sure everyone else cannot reach it. Every user with computer access must have a unique ID so that any action on card data can be traced back to an individual; shared or generic logins are not allowed. Physical access to the systems and media holding card data must be limited to a small number of named staff.
You must regularly monitor and test your networks - Keep logs of access to network resources and cardholder data, review them, and test your security controls with regular vulnerability scans and penetration tests.
And finally you must maintain an information security policy that tells all your staff what is expected of them when handling card data; it is also what you can point customers to when they ask how their details are protected. After all of those requirements have been met, you can complete a self-assessment or have an external body assess your security. After the review you will be given the results and, if you have passed, your PCI DSS Attestation of Compliance to send to your acquirer.
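One practical check behind the "protect cardholder data" rule above is making sure that full card numbers and security codes never end up in your own application logs, where they sit unencrypted and readable by anyone with server access. The script below is an added example for this post, not Bongo IT's code and not part of the PCI DSS itself: it scans constructed sample log lines for digit runs that pass the Luhn card-number check, masks them to the first six and last four digits (the most PCI DSS allows to be displayed) and flags any CVV-style field. The regular expressions, field names and sample log lines are assumptions made for the example; the card numbers are the publicly known Visa and Mastercard test numbers.

```python
import re
from typing import Dict, List

# Heuristic candidate-PAN pattern (an assumption of this example, not a PCI DSS rule):
# 13 to 19 digits, optionally separated by single spaces or dashes, not inside a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Sensitive authentication data must never be stored after authorisation; this only spots obvious field names.
CVV_RE = re.compile(r"\b(?:cvv|cvc|cid)\s*=\s*\d{3,4}\b", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Luhn (mod 10) check used by payment card numbers; filters out most non-card digit runs."""
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep at most the first six and last four digits, the maximum PCI DSS allows to be shown."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def audit_line(line: str) -> Dict[str, object]:
    """Find Luhn-valid PANs in one log line; return their masked forms, the redacted line,
    and whether a CVV-style field is present (which should never be written to a log at all)."""
    masked: List[str] = []

    def redact(match):
        digits = re.sub(r"[ -]", "", match.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            masked.append(mask_pan(digits))
            return mask_pan(digits)
        return match.group(0)   # not a card number (e.g. an order id): leave untouched

    redacted = PAN_RE.sub(redact, line)
    return {
        "pans": masked,
        "redacted": redacted,
        "cvv_present": CVV_RE.search(line) is not None,
    }


def audit_log(lines) -> int:
    """Count the lines that leak cardholder data; any non-zero result is a finding to fix."""
    findings = 0
    for line in lines:
        result = audit_line(line)
        if result["pans"] or result["cvv_present"]:
            findings += 1
    return findings


# Constructed sample log lines (not from any real system); the order id is deliberately a
# 16-digit number that fails the Luhn check, so it must be left alone.
LOG_LINES = [
    "2018-03-07 12:01:44 INFO checkout ok order=1234567890123456 pan=4111111111111111 cvv=123",
    "2018-03-07 12:01:45 INFO refund pan=5555 5555 5555 4444 amount=19.99",
    "2018-03-07 12:01:46 INFO healthcheck ok",
]

if __name__ == "__main__":
    for entry in LOG_LINES:
        print(audit_line(entry)["redacted"])
    print("lines leaking cardholder data:", audit_log(LOG_LINES))
```

Run it over a copy of your real web, application and database logs; the right fix for any hit is to stop the application writing the data in the first place, since redacting after the fact still leaves the unmasked copies in backups and log shipping.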
If you have any questions or want help trying to gain this standard for yourself then give us a call and we will help you!
Call Bongo IT on: 01865 988 217
The official PCI Security Standards Council website: https://www.pcisecuritystandards.org/