Meeting the Payment Card Industry Data Security Standard (PCI DSS)

the bureau main site | blog home | contact us

Meeting the Payment Card Industry Data Security Standard (PCI DSS)
27th October 2011

The rules and regulations governing the security of credit card payments are changing and forcing companies who accept credit card payments online to be compliant with one of 4 levels of security compliance. The level will depend on the numbers of transactions per year. Small companies and insurance broker firms processing fewer than 20,000 transactions a year need comply with level 4, the lowest and simplest level.

Most companies use a credit card Payments Provider like Sage Pay, Worldpay and others on which the actual card transaction details are gathered and stored on the Providers secure servers using their security that is PCI compliant.

However, things are beginning to change with some banks insisting that their merchants prove they are PCI compliant before providing them with a merchant account for online credit and debit card processing, even if these are all currently being processed through a compliant Payment Provider.

You will not be surprised to learn, therefore, that there are now companies springing-up to carry out PCI audits. Indeed some banks have already put in place there own arrangements, which they may insist their mechant account holders use.

Sage Pay offer a simple Online Self Assessment sevice through a third party that currently costs £72 per annum for Level 4 users. You can read about this at their Website at http://www.sagepay.com/pci-dss-compliance Your bank may be happy with your current arrangements but as we all know the thirst for more business rules and compliance checks remains insatiable.

Share this post :