I am an independent retailer and have been told by my payment provider I could be fined if I am not PCI DSS compliant. What does this mean, and how do I become compliant?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements intended to ensure that a customer’s sensitive payment card information is handled and stored securely.

Relevant to every retailer that takes card payments, the PCI standard includes measures such as implementing a firewall, not storing customers’ card details on paper or computers, and sending only encrypted data over open networks. These controls are designed to keep cardholders’ details out of the hands of data thieves.

Alongside penalties imposed by card brands for non-compliance, the consequences of a data breach are serious and can include legal action, damage to reputation and ultimately loss of business. It is therefore advisable that retailers start taking measures to become PCI compliant as soon as possible.

Although PCI DSS has been around since 2006, many retailers are still not compliant because of the perceived expense and time it entails. Each card brand has a different system, but merchants need to demonstrate their compliance through certification by an independent Qualified Security Assessor (QSA).

Clive Kahn, chief executive at card payment specialist CardSave, says: “Small businesses can be especially vulnerable to data breaches, but they shouldn’t feel overwhelmed by the PCI-compliance process. There are card-services providers that will help with administration as a valuable first step. They can also provide support, taking merchants through the set-up process and will work hard to minimise costs.”