PCI DSS: is your business compliant?
If your business processes card payments, it’s vital that you are PCI DSS compliant. As of December 31st 2017, new PCI security levels will come into force in respect of your hardware. This could affect businesses across the UK still using older card terminals. Many will become non-compliant, whilst some will cease to work entirely.

What is PCI DSS?

PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of requirements that regulate card transactions in order to protect customer data, ensuring that card payments are accepted, processed, stored and transmitted securely.

The regulation of card payments was first launched in the late 1990s, but the explosion in popularity of the internet introduced new ways to commit card fraud. The five major card brands (Visa, MasterCard, American Express, Discover and JCB) backed a combined set of regulations for businesses, and PCI DSS 1.0 was launched in 2004.

The standards have evolved over the past 13 years, with updated regulations coming into effect every two or three years.

What are the current PCI DSS requirements?

Currently, there are 12 security standards that businesses accepting card payments must adhere to. These fall under six categories:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

PCI DSS standards regulate the use of software, hardware and personal behaviour. Firewalls and up-to-date anti-virus software must be in place to protect data stored on computers, and any customer data that is shared across open networks must be encrypted.

Every employee must act within PCI requirements, and each person with computer access must have a unique ID. This means that you can easily trace how any breach happened, and it stops disgruntled employees causing problems anonymously.

Is my card terminal compliant?

If your card terminal doesn’t adhere to the latest PCI hardware requirements, you are putting your customers’ card details at risk. You must work with your card terminal provider and your acquirer to make sure you are in line with the standards.

The age of your card terminal could affect your PCI DSS compliance. The PCI DSS standards are updated because advances in technology create new threats to customer data. December 31st 2017 is a “sunset” date for older terminals, meaning that some terminals will no longer be able to comply with the regulations, and some will even stop working.

The easiest way to find out if your machine complies with PCI standards is to talk to your card terminal provider. They will be able to let you know if you need to take any action before Christmas, to make sure you’re still compliant in January.

What if I don’t comply?

If your card terminal is not compliant, you may start to receive fines. Some company owners are unaware of this, and end up paying extra each month.

Racheal Browes from 10 Bridge discovered that she had been paying PCI DSS non-compliance fines when she switched to Handepay.

“I was shocked when our Handepay advisor informed me that we had been paying fines for PCI DSS non-compliance for years. I was annoyed that my previous providers had never made me aware, as I was being charged £17.99 per month on top of my standard fees!”

How can I become PCI DSS compliant?

If your terminal will become non-compliant on the 31st December, it’s vital that you upgrade your machine now.

All new Handepay terminals are certified to the highest security standard, complying with PCI DSS regulations. Plus, unlike many other terminal providers, Handepay never charge for PCI compliance or non-compliance.

To find out how a PCI DSS compliant terminal could benefit your business, get in touch with one of our friendly advisors!

Financial disclaimer:

Terminal hire contracts are provided by Merchant Rentals Limited, which is authorised and regulated in the UK by the Financial Conduct Authority (FCA) for Consumer Hire under FRN 720500. Terminal hire can be for consumer hire and non-regulated hire contracts. Please check your contract carefully for details. Regulation of all consumer hire falls under the control of the FCA.

Handepay Ltd is authorised and regulated by the FCA for Consumer Credit under FRN 673564. Handepay is a credit broker for consumer hire, not a lender.

Handepay acts as an introducer of card acquiring services on behalf of EVO Payments UK, the card acquiring service provider. EVO Payments UK is the trading name of EVO Payments UK Ltd, a payment institution that is authorised and regulated by the Financial Conduct Authority (FRN 959332).

Existing Cards Businesses - The one-month rolling terminal hire contract from Merchant Rentals is only available to businesses that are switching from their current acquirer to EVO Payments UK arranged through Handepay.

New to Cards Businesses - The 12-month terminal hire contract from Merchant Rentals is only available to businesses that are new to card payments and wish to receive acquiring services from EVO Payments UK, arranged through Handepay.

The Next Day Banking Settlement service provided by EVO Payments UK incurs an additional fee of £4 a month on top of your acquiring service charges and fees. Provided your card machine performs a reconciliation before 12am (midnight), you’ll receive settlement of funds the next banking day.

Editorial disclaimer:

The information we provide does not constitute financial advice and might not apply to your business. Always carry out research into your business’ needs when choosing a new merchant services provider.

Sometimes, we link to other third-party websites to provide you with additional information. At the time of publication, we consider the information accurate; however, we do not have control over their content and are not responsible if any information on these websites changes.

The products we display on our website are for illustrative purposes only - if your business requires additional facilities, you may receive a different model than advertised.

All of the information contained on this website, including fees, services and functionality, is correct at time of publishing. E&OE.