PCI DSS: is your business compliant?

If your business accepts card payments, it is vital that you are PCI DSS compliant. On 31st December 2017 a new set of PCI security requirements for card terminal hardware comes into force (terminal hardware is approved under the PCI PIN Transaction Security, or PTS, standard rather than PCI DSS itself). This could affect businesses across the UK still using older card terminals: many of these terminals will become non-compliant, and some will stop working altogether.

What is PCI DSS?

PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of security requirements that applies to every organisation that stores, processes or transmits cardholder data, and its purpose is to make sure that card payments are accepted, processed, stored and transmitted securely.

The card brands first launched their own individual card-security programmes in the late 1990s, but the explosion in popularity of the internet introduced new ways to commit card fraud. The five major card brands, Visa, MasterCard, American Express, Discover and JCB, aligned those separate programmes into one common standard, and PCI DSS 1.0 was released in December 2004.

The standard has evolved over the 13 years since then. It is now maintained by the PCI Security Standards Council (PCI SSC), founded by the card brands in 2006, and revised versions are released every two or three years.

What are the current PCI DSS requirements?

Currently, PCI DSS sets out 12 requirements that every business accepting card payments must meet. These are grouped under six control objectives:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

PCI DSS covers software, hardware, and the people and processes around them. Firewalls must separate the systems that handle card data from the rest of the network and from the internet, and anti-virus software must be installed and kept up to date on the computers involved. Stored cardholder data must be protected, and sensitive authentication data such as the full magnetic stripe or the card security code must never be retained after a transaction has been authorised. Any cardholder data sent across open, public networks must be encrypted.

Every employee who handles card data must act within the PCI requirements, and each person with access to the systems involved must have their own unique ID rather than a shared login. This means that every action recorded in the logs can be traced back to an individual, so you can establish how a breach happened, and a disgruntled employee cannot cause problems anonymously.

Is my card terminal compliant?

If your card terminal doesn't meet the latest PCI hardware requirements, you are putting your customers' card details at risk. You must work with your card terminal provider and your acquirer to make sure you are in line with the standards.

The age of your card terminal could affect your PCI DSS compliance. The PCI standards are updated as technology advances and new threats to customer data emerge, and terminal hardware is only approved for a limited period against the version of the standard it was built to. 31st December 2017 is a "sunset" date for older terminals: after it, some terminals will no longer be able to meet the requirements, and some will stop working altogether.

The easiest way to find out whether your machine complies with the PCI standards is to ask your card terminal provider. They will be able to tell you whether you need to take any action before Christmas to make sure you are still compliant in January.

What if I don’t comply?

If your card terminal is not compliant, your acquirer or terminal provider may start to add a monthly non-compliance fee to your bill. Some business owners are unaware of this and end up paying extra every month without knowing why.

Racheal Browes from 10 Bridge discovered that she had been paying PCI DSS non-compliance fines when she switched to Handepay.

“I was shocked when our Handepay advisor informed me that we had been paying fines for PCI DSS non-compliance for years. I was annoyed that my previous providers had never made me aware, as I was being charged £17.99 per month on top of my standard fees!”

How can I become PCI DSS compliant?

If your terminal will become non-compliant on 31st December, it is vital that you upgrade your machine now rather than after the deadline.

All new Handepay terminals are certified to the highest security standard, complying with PCI DSS regulations. Plus, unlike many other terminal providers, Handepay never charge for PCI compliance or non-compliance.

To find out how a PCI DSS compliant terminal could benefit your business, get in touch with one of our friendly advisors!