PCI DSS Compliance: Does it impact on my business?
If you are a merchant processing, transmitting or storing payment card details on your network, then the answer is a resounding “YES”!
If you are unaware of, or indeed have never heard of, PCI DSS before, this of course DOES NOT absolve you from the responsibility that its rules and regulations place on you to protect your customers’ card-holder data. It is also very important to note that the deadlines for compliance have now passed, and therefore if you are processing card transactions, you have an immediate contractual obligation to become compliant.
Processing credit or debit card payments in the UK
The PCI DSS compliance standards are published by the Payment Card Industry Security Standards Council. This body was created by the major card brands, such as Mastercard, Visa and American Express, collaborating as a direct response to the significant increase in credit card fraud in recent years.
Despite global efforts to combat card fraud, fraud rose in 2013 but still represented only 7.4p for every £100 spent in the UK. Cheque fraud and telephone banking fraud fell by 22% and 8% respectively, and there was a small 3% rise in online banking fraud.
It is true to say that network security weaknesses have caused significant and highly publicised card data losses in recent years, and we are probably all aware of the high-profile case of a certain Japanese electronics manufacturer that was not as diligent as it should have been in protecting the card-holder data of its games console customers.
But we also need to note that PCI DSS compliance is just as much about making sure that we, as SME merchants and service providers, observe good business practice as it is about multinational corporations using secure and robust data centres.