Why should I care about PCI DSS compliance?


If you’re going to accept card payments you’ll need to manage data security and meet certain standards.

Here’s a guide to how PCI DSS Compliance works and why it matters.


If your business is going to accept card payments, whether in store, over the phone or online, you'll have to meet certain data and security requirements.

These are set out in the Payment Card Industry Data Security Standard (PCI DSS).

What is PCI DSS?


Essentially, PCI DSS is the framework for what is required to create a safe environment for the processing, storage and transmission of credit or debit card information during the payment process.

It includes a list of 12 specific requirements that companies planning to accept card payments should comply with to ensure they are keeping payment and card details of customers safe.

It’s important that you take your compliance with these rules seriously as non-compliance can result in fines.




What are the PCI DSS requirements?


The individual requirements dictate what businesses should set up if they are planning to include card or electronic payments as part of their business:

Firewalls and online security


They include protections like using firewalls to prevent unauthorised third parties from gaining access to private information. These are similar to the protections offered as part of cyber security for computers and create a barrier between your data and the people trying to reach it.


Password protections


You must also have a process in place to ensure proper passwords are used on all your devices, such as card machines.

This is so that if anyone steals the machine, it will be harder for them to access information.

Logging critical information


You must keep a secure log of devices and passwords, and steps you have taken to secure those devices.

This includes protecting card details and customer data, if you’re storing the information yourself.

However, if you use a payment solution from a provider like Handepay, you won't store any personal customer information on your own system, reducing your liability.


Keep your software up to date


You'll also have a responsibility to ensure your payment devices are running the latest software, so that any built-in antivirus is up to date.

Most card machines will prompt you to install updates, so you'll know when new versions are available.

Restrict access to data


Protecting data and restricting access to it is something else you’ll have to consider if you’re storing payment information in your own systems.

This includes ensuring that only relevant members of staff can access data and putting restrictions in place to keep it hidden from others.



Keeping accurate data logs


You’ll also need to keep accurate data access logs so you can easily record and see who has accessed data at any given time.

This can help identify any anomalies and help you understand how and when your sensitive data is being accessed.
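One way to put the two points above (restricting access to relevant staff, and keeping access logs you can actually review) into practice, as an added example that is not part of the original article and not Handepay's own tooling: a small Python script that reads a cardholder-data access log and reports who accessed which records and which entries deserve a closer look. The log format (one `key=value` line per access), the role policy, the business hours and the sample log lines are all constructed assumptions for this example.

```python
"""Review a cardholder-data access log for entries worth investigating.

Added example, not Handepay's code. The log format, the access policy and the
sample lines below are assumptions made up for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample log: one line per attempt to access a stored card record.
SAMPLE_LOG = """\
2024-03-04T09:12:33Z user=alice role=finance action=VIEW record=card-0001 result=OK
2024-03-04T10:05:10Z user=bob role=sales action=VIEW record=card-0002 result=DENIED
2024-03-04T10:05:14Z user=bob role=sales action=VIEW record=card-0002 result=DENIED
2024-03-04T10:05:19Z user=bob role=sales action=VIEW record=card-0002 result=DENIED
2024-03-04T14:47:02Z user=carol role=support action=EXPORT record=card-0003 result=OK
2024-03-05T02:31:45Z user=alice role=finance action=VIEW record=card-0004 result=OK
"""

# Assumed access policy: which roles may perform which actions on card data
# (least privilege), and the hours in which such access is expected.
ALLOWED_ACTIONS = {
    "finance": {"VIEW"},
    "support": {"VIEW"},
}
BUSINESS_HOURS = range(8, 19)      # 08:00 to 18:59 UTC
FAILED_ATTEMPT_THRESHOLD = 3       # repeated denials are worth a question


@dataclass(frozen=True)
class AccessEvent:
    time: datetime
    user: str
    role: str
    action: str
    record: str
    result: str


def parse_line(line: str) -> AccessEvent:
    """Parse one 'timestamp key=value ...' log line into an AccessEvent."""
    timestamp, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    when = datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return AccessEvent(when, kv["user"], kv["role"], kv["action"], kv["record"], kv["result"])


def review_log(text: str) -> dict:
    """Return who successfully accessed which records, plus a list of findings."""
    events = [parse_line(line) for line in text.splitlines() if line.strip()]
    findings = []
    denied_by_user: dict = {}
    for e in events:
        if e.result == "OK":
            # A successful action the role should not be able to perform at all
            # means the restriction itself is missing or misconfigured.
            if e.action not in ALLOWED_ACTIONS.get(e.role, set()):
                findings.append(
                    f"{e.user} ({e.role}) performed {e.action} on {e.record} "
                    f"at {e.time:%Y-%m-%d %H:%M}, which the policy does not allow"
                )
            # Successful access outside the hours you would expect to see it.
            if e.time.hour not in BUSINESS_HOURS:
                findings.append(
                    f"{e.user} accessed {e.record} out of hours at {e.time:%Y-%m-%d %H:%M}"
                )
        elif e.result == "DENIED":
            denied_by_user[e.user] = denied_by_user.get(e.user, 0) + 1
    # Repeated denials show the restriction working, but still merit a look.
    for user, count in denied_by_user.items():
        if count >= FAILED_ATTEMPT_THRESHOLD:
            findings.append(f"{user} had {count} denied attempts to access card data")
    accessed = sorted({(e.user, e.record) for e in events if e.result == "OK"})
    return {"accessed": accessed, "findings": findings}


if __name__ == "__main__":
    report = review_log(SAMPLE_LOG)
    print("Successful accesses (user, record):")
    for user, record in report["accessed"]:
        print(f"  {user}  {record}")
    print("Findings:")
    for finding in report["findings"]:
        print(f"  - {finding}")
```

On the sample log this reports three findings: an export by a support user that the policy does not permit, a finance user viewing a record in the middle of the night, and a sales user repeatedly denied access. The first is the kind of gap an access review should catch before an assessor does; the other two are exactly the "anomalies" the paragraph above refers to, and neither is visible unless the log records who, what and when for every access.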

Staying compliant with PCI DSS


Like any new procedure or process, remaining compliant with PCI DSS rules can seem difficult or daunting.

But it’s really no different to any other responsibility you have for protecting your own and your customers’ sensitive information.

These rules help keep that information secure by ensuring you’re putting processes in place to protect any data you are trusted with.

Over time it will just become a regular part of what you manage as part of your business.

There are, of course, challenges involved, and the consequences of failing to remain compliant can be severe for your business: monthly fines are imposed for as long as you're not compliant.

There’s also the reputational issue of what can happen if your business becomes known as a place that can’t keep customers’ private data secure.

If you work with us, we'll sort out all the compliance forms for you and provide guidance on how to stay compliant, so you don't get fined and don't have to worry about data security and compliance.

Be wary of PCI DSS compliance fees


Many card machine providers will include PCI DSS compliance fees as part of their services.

However, at Handepay, we don’t charge you these extra fees so you won’t have to pay extra to remain PCI DSS compliant with one of our card machines or electronic payment services.

If you want to know about using a card machine or the issues around data security and protection, get in touch.

If you’re thinking about using a card machine in your business, find out more.


Financial disclaimer:

Terminal hire contracts are provided by Merchant Rentals Limited, who is authorised and regulated in the UK by the Financial Conduct Authority (FCA) for Consumer Hire under FRN 720500. Terminal hire can be for consumer hire and non-regulated hire contracts. Please check your contract carefully for details. Regulation of all consumer hire falls under the control of the FCA.

Handepay Ltd is authorised and regulated by the FCA for Consumer Credit under FRN 673564. Handepay is a credit broker for consumer hire not a lender.

Handepay acts as an introducer of card acquiring services on behalf of EVO Payments UK, the card acquiring service provider. EVO Payments UK is the trading name of EVO Payments UK Ltd, a payment institution that is authorised and regulated by the Financial Conduct Authority (FRN number 959332).

Existing Cards Businesses: The one-month rolling terminal hire contract from Merchant Rentals is only available to businesses that are switching from their current acquirer to EVO Payments UK arranged through Handepay.

New to Cards Businesses: The 12-month terminal hire contract from Merchant Rentals is only available to businesses that are new to card payments and wish to receive acquiring services from EVO Payments UK, arranged through Handepay.

The Next Day Banking Settlement service provided by EVO Payments UK incurs an additional fee of £4 a month on top of your acquiring service charges and fees. Provided your card machine performs a reconciliation before 12am (midnight), you’ll receive settlement of funds the next banking day.

Editorial disclaimer:

The information we provide does not constitute financial advice and might not apply to your business. Always carry out research into your business’ needs when choosing a new merchant services provider.

Sometimes, we link to other third-party websites to provide you with additional information. At the time of publication, we consider the information accurate; however, we do not have control over their content and are not responsible if any information on these websites changes.

The products we display on our website are for illustrative purposes only - if your business requires additional facilities, you may receive a different model than advertised.

All of the information contained on this website, including fees, services and functionality, is correct at time of publishing. E&OE.