
PCI DSS Compliance – Everything You Need to Know

02 December, 2019

Struggling to get to grips with PCI DSS compliance and why it’s important for your organisation?

If you handle payment card information and want to work with the major credit card brands, you have to be compliant with the Payment Card Industry Data Security Standard (PCI DSS).

Similar to the General Data Protection Regulation, PCI DSS noncompliance can lead to hefty fines for you and your business.

We hope that this blog sheds some light on the subject and helps you understand why PCI DSS compliance is important.

What is PCI DSS?

PCI DSS is an information security standard set out by major card brands and the Payment Card Industry Security Standards Council to reduce fraud and increase the security around cardholder data.

The standard sets out requirements for how businesses should securely process, store, accept and transmit cardholder data during credit card transactions.

Where Does PCI DSS Apply?

Whether you accept credit card payments online, by telephone or face-to-face at a till, every transaction should be as secure as possible. If you are a merchant who processes payment information, you must comply with PCI DSS.

How Does PCI DSS Compliance Work?

There are different levels of security requirements depending on the number of payment card transactions your organisation makes per year, risk level (as determined by card vendors), and other factors including data breach history.

These requirements range from Level Four, which has the fewest, to Level One, which has the most. The number of transactions per year needed for each level is as follows:

  • Level 1 - 6,000,000 or more
  • Level 2 - 1,000,000 to 6,000,000
  • Level 3 - 20,000 to 1,000,000
  • Level 4 - Fewer than 20,000

Why is PCI DSS important?

When your customers purchase your products and services, they place their trust in you to keep all the data you store about them secure.

If you suffer a data breach and payment information is compromised, your customers will have to cancel credit cards, order new ones and could potentially become victims of fraud. Payment card information is the most coveted data for cybercriminals.

What Can I Do to Achieve PCI DSS Compliance?

Technically there is no certificate for PCI DSS compliance, but all organisations that process cardholder data, including all sellers, service providers and banks, have to prove they are PCI DSS compliant.

Your PCI DSS Compliance Checklist 2019

The PCI Security Standards Council has created a series of PCI DSS Self-assessment Questionnaires to help merchants and service providers assess security for cardholder data.

What Are the Consequences of PCI Noncompliance?

If you aren’t sure about the PCI DSS fines for being non-compliant, then you most certainly aren’t alone.

According to Square Up, 30% of small businesses don’t know the penalties for non-compliance for PCI DSS 3.0.

Being handed a fine by a governing body can be harmful to not only an organisation’s finances but also its reputation, which could cause customers to stop using its products and services.

Not being PCI compliant or having inappropriate cardholder data handling policies in place could leave your business open to potential data breaches, resulting in:

  • Customers and partners losing confidence
  • Reduced sales
  • Cost of man-hours to reissue new card payments
  • Fraud
  • Fines and penalties

PCI DSS compliance is more than a check-box exercise in order to take payments; it touches on many key areas of cyber security awareness. For example, have you ever been asked to write your credit or debit card details down when paying for a kids' class?

Under PCI DSS certification, such behaviour is illegal and can leave you susceptible to identity theft, which can, in turn, lead to phishing attempts and data breaches.

To educate your staff on the importance of PCI DSS compliance, enrol your workforce on our PCI DSS course today.
