If you’re going to accept card payments you’ll need to manage data security and meet certain standards.
Here’s a guide to how PCI DSS Compliance works and why it matters.
If your business is going to accept card payments either in store, over the phone or online you’ll have to meet certain data and security requirements.
These are known as the Payment Card Industry Data Security Standards (PCI DSS).
Essentially, PCI DSS is the framework for what is required in creating a safe environment for the process, storage and transmission of credit or debit card information during the payment process.
It includes a list of 12 specific requirements that companies planning to accept card payments should comply with to ensure they are keeping payment and card details of customers safe.
It’s important that you take your compliance with these rules seriously as non-compliance can result in fines.
They include protections like using firewalls to prevent third parties gaining access to private information. These are similar to those offered as part of cyber security for computers and create a barrier between data and people trying to access it.
You must also have a process in place to ensure proper passwords are used on all your devices, such as card machines.
This is so that if anyone steals the machine, it will be harder for them to access information.
You must keep a secure log of devices and passwords, and steps you have taken to secure those devices.
This includes protecting card details and customer data, if you’re storing the information yourself.
However, if you use a payment solution from a provider like Handepay, you won’t store any personal customer information on your own system, reducing your liability.
You’ll also have a responsibility to ensure your payment devices are using the most updated software to ensure any built in antivirus is up-to-date.
Most card machines will prompt you to keep your information updated so you’ll know when new versions are available.
Protecting data and restricting access to it is something else you’ll have to consider if you’re storing payment information in your own systems.
This includes ensuring that only relevant members of staff can access data and putting restrictions in place to keep it hidden from others.
You’ll also need to keep accurate data access logs so you can easily record and see who has accessed data at any given time.
This can help identify any anomalies and help you understand how and when your sensitive data is being accessed.
Like any new procedures or processes, it can be difficult or seem daunting to remain compliant with PCI DSS rules.
But it’s really no different to any other responsibility you have for protecting your own and your customers’ sensitive information.
These rules help keep that information secure by ensuring you’re putting processes in place to protect any data you are trusted with.
Over time it will just become a regular part of what you manage as part of your business.
There are, of course, challenges involved and the consequences of failing to remain compliant can be severe for your business with monthly fines imposed if you’re not compliant.
There’s also the reputational issue of what can happen if your business becomes known as a place that can’t keep customers’ private data secure.
If you work with us, we’ll sort all the compliance forms out for you and provide guidance on how to keep yourself compliant so you don’t get fined and don’t have to worry about data security and compliance.
Many card machine providers will include PCI DSS compliance fees as part of their services.
However, at Handepay, we don’t charge you these extra fees so you won’t have to pay extra to remain PCI DSS compliant with one of our card machines or electronic payment services.
If you want to know about using a card machine or the issues around data security and protection, get in touch.
If you’re thinking about using a card machine in your business, get a free quote today.