(ID999) INCIDENT RESPONSE - Tel: UK 0044 1732 897 601

PCI DSS Compliance

Payment Card Industry Data Security Standard

The standard was instigated and implemented jointly by Mastercard and Visa in response to increased fraud and identity theft involving stolen credit card data, in order to limit losses by the card providers and improve consumer confidence. It also has the backing of two of the other key players in the form of American Express and Diners Club.

What is PCI addressing?

There are two key elements that the standard addresses:

  1. To allay consumer fears over using their credit cards online (e.g. that their details may be compromised or abused)
  2. To ensure that merchants are more accountable for their own risk

Loss liability and compliance

In the instance that cardholder data is compromised, any merchant that is found to be unable to demonstrate compliance with this new standard may now be deemed liable for any losses that occur as a result of the security breach. There are several other risks beyond compliance, such as reputation and brand damage. The governing body behind the standard can also impose fines and, in exceptional circumstances, withdraw the merchant from the card acceptance programme.

PCI ASV & QSA Services

BII Compliance partners with multiple Approved Scanning Vendors (ASV) and also has Qualified Security Assessors (QSA) available to service your organisation.

All companies that process and store customer payment card transactions are required to maintain their network security in accordance with the detailed specifications mandated under the Payment Card Industry Data Security Standard (PCI DSS). Failure to demonstrate compliance can result in severe restrictions being placed on merchants by the card issuers, including the ultimate sanction of withdrawal of card authorisation facilities.

Where we can help

There are various separate compliance validation requirements for merchants and service providers, which vary depending on the size of the company. Compliance levels are defined based on annual transaction volume and corresponding risk exposure.

The requirement groups below form part of the jigsaw that makes up the overall PCI standard:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy