PCI-DSS

The Payment Card Industry Data Security Standard (PCI-DSS) protects businesses and their customers against payment card theft and fraud. PCI-DSS compliance validation is required by payment card brands such as VISA and MasterCard and by your acquiring bank if you process card payments.

Why be PCI-DSS complaint?

PCI-DSS compliance is mandatory if processing payment card transactions. Compliance also provides you with peace of mind that your cardholder data is securely stored, lowering your risk of a data breach which may cause embarrassment, loss of confidence from customers and regulatory sanction.

Compliance will help you to build the trust of your customers as it shows that you are not willing to take risks with their payment card information and demonstrates a commitment to information security more generally. It can help you to comply with other security and privacy requirements such as the Data Protection Act and GDPR and it puts in place a framework which will encourage regular review and improvement of your processes to ensure that you will remain secure in the future.

What does compliance entail?

The PCI-DSS standard specifies twelve standards for compliance. These requirements cover security management, policies, procedures, network architecture, software design and other critical protective measures, and provide the framework for secure card payments. Validation of compliance is performed annually, either by an external Qualified Security Assessor, which will complete a report on compliance or, for companies handling a small volume of transactions, a self-assessment questionnaire.

What we can do

Best4business Technology Partners can help you to understand how the requirements of PCI-DSS apply to your company and the required scope of your implementation, and answer questions such as whether you need an external assessment to validate compliance.

We can perform a gap-analysis of your current compliance status and provide any level of support from consulting on what changes you need to make to implementation of those changes.