The Payment Card Industry Data Security Standard (PCI DSS) is a set of mandatory requirements designed to safeguard cardholder data. PCI DSS compliance is mandatory for any business that processes credit and debit card transactions and vital for companies that want to keep their customers’ data secure.
Each transaction your business processes will involve sensitive cardholder information. This data must be processed, stored and transmitted securely to protect your customers and your business from the increasing threat of fraud.
PCI DSS consists of 12 high-level requirements across six categories. Some or all of the 12 may apply to you, depending on the nature of your business and whether or not you store card data.
Compliance with PCI DSS is mandated by all the Card Schemes (including Visa® and Mastercard®) and applies to all businesses that accept credit and debit cards. A global forum – the PCI Security Standards Council – oversees the standard. The council released the latest update (version 4.0) on 31/3/22. PCI DSS v3.2.1 remains valid until 31/3/24.
For e-commerce transactions, the most secure approach is to use a Hosted Payment Page (HPP), which outsources card data capture to a payment service provider. Cardholder data is then entered on the provider's page rather than yours, so it stays fully segregated from your e-commerce environment at all times.
Even with this arrangement, you should commission penetration testing to verify that card data does not enter your business's environment, giving you confidence that your customers' data is safe.