PCI DSS Compliance

Compliance with PCI DSS can be challenging due to the broad scope of the standard.

PCI DSS is, at its core, a security framework for protecting cardholder data. Compliance does not equal security, which is why merchants continue to experience data breaches; breaches at organizations of all types and sizes continue to make headline news.

A card-not-present transaction can include Internet, mail, fax, or telephone acceptance of credit card account information. For example, in the course of performing their job responsibilities, telephone sales representatives have access to full credit card numbers, billing addresses, and CVV2 codes.

PCI DSS is intended to protect cardholder data in the card-not-present industry, in transactions such as those described above.

Despite the standard having been mandatory for ALL since Oct 2010, many businesses and organisations are still unfamiliar with PCI DSS, or at least uncertain as to how to comply with it. With the threat of fines of up to £300,000, the risk of losing a merchant account, and the possibility of irreparable damage to a business's reputation should non-compliance lead to data loss or theft, it makes perfect sense to find out more.

The Payment Card Industry (PCI, set up by the likes of Visa and American Express) requires that all retailers and businesses wishing to take payments over the phone adhere to its strict regulations. With an increase in debit and credit card fraud, these regulations were recently tightened (January 2011), and businesses had until December 2011 to meet the new standards.