Skip to main content

Understanding PCI Compliance

06 April 2017
Written by Libby James
Libby James is co-founder, director and an expert in all things merchant services. Libby is the go-to specialist for business with more complex requirements or businesses that are struggling to find a provider that will accept them. Libby is regularly cited in trade, national and international media.
In this article
    Share this article with others:

    What is PCI Compliance?

    At Merchant Advice Service, we frequently receive enquiries regarding PCI DSS Compliance. Clients seek clarity on what PCI stands for and, more importantly, how it impacts their business.

    PCI DSS, or Payment Card Industry Data Security Standard, was introduced to the UK in September 2006. Its primary aim is to establish a secure environment for companies handling card transactions and consumer data. The PCI Security Standards Organisation manages and administers these standards and is an independent body formed by major card companies including Visa, MasterCard, American Express, JCB International, and Discover Financial Services. Notably, acquiring banks are responsible for enforcing compliance rather than the organisation itself.

     

    Key PCI Compliance Checklist

    PCI compliance is structured around six categories:

    Build and maintain a secure network

    Protect cardholder data

    Maintain a vulnerability management program

    Implement strong access control measures

    Regularly monitor and test networks

    Maintain an information security policy

    Before delving deeper, it’s essential to note that some organisations impose hefty PCI fees on customers, even when compliance is a straightforward process. At Merchant Advice Service, our free consultation aims to provide cost-saving recommendations with no obligation.

    PCI Compliance Levels and Validation Requirements

    UK businesses fall into one of four PCI compliance levels based on Visa transaction volume, each with distinct validation requirements:

    Level One: Merchants processing over 6 million Visa transactions per year.

    Level Two: Merchants processing between 1 million and 6 million Visa transactions per year.

    Level Three: Merchants processing between 20 thousand and 1 million e-commerce Visa transactions per year.

    Level Four: Merchants processing fewer than 20 thousand e-commerce Visa transactions or up to 1 million Visa transactions per year.

     

    Significance for Merchants

    PCI DSS compliance demonstrates a commitment to safeguarding customer data, particularly crucial for e-commerce websites susceptible to cyber threats. Although compliance requirements may seem complex, they are obligatory for all businesses processing card payments.

    Finding a PCI Compliant Assessor

    Several reputable companies, including Trustwave, Control Scan, and SRM-Solutions, offer external assessments. A list of contacts and links is provided for further assistance.

     

    PCI DSS Compliance Costs

    Costs vary, with an average of £150 for assessments conducted annually. Some major merchant account providers, like Paypal and WorldPay, manage PCI compliance on behalf of merchants, charging monthly or annually. Notably, non-compliance charges could result in fines, starting at £3000.

    Useful Links for PCI DSS Compliance

    PCI SECURITY STANDARD COUNCIL

    FIND AN ASSESSOR

    SELF ASSESSMENTS

    How Merchant Advice Service Can Help

    Understanding and implementing the Security Standard PCI DSS is crucial for all businesses that handle card transactions. Not adhering to these standards can lead to serious data breaches and hefty fines. It’s vital to restrict access to cardholder information and store cardholder data securely. Regular assessments, including Assessment Questionnaires SAQs and annual PCI DSS Requirement reviews, are essential to maintain compliance.

    Failing to restrict physical access to sensitive data or adequately track and monitor access on a public network can pose significant risks. Remember, each card brand has specific requirements that must be met. Compliance is not just about avoiding penalties; it’s about protecting your customers and your business.

    Merchant Advice Service is dedicated to helping you understand these complexities. We offer guidance to ensure your business complies with PCI DSS, helping you avoid unnecessary expenses and enhance your data security measures. Visit our blog page for more advice and insights into navigating the world of PCI compliance.

    FAQs

    What is PCI DSS?
    PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of security standards introduced to create a secure environment for companies handling card transactions and consumer data.
    Can PCI DSS non-compliance lead to fines?
    Yes, non-compliance can lead to fines, with the minimum charge being £3000. Additional charges may be incurred based on the efforts required to make the business compliant.
    How often are PCI assessments conducted?
    PCI assessments are conducted annually to ensure ongoing compliance.
    What are the typical costs associated with PCI compliance?
    Costs vary, but the average price for assessments is around £150. Some merchant account providers may charge additional monthly or annually.
    How are PCI compliance levels determined?
    PCI compliance levels are determined by Visa transaction volume. There are four levels, ranging from Level One for merchants processing over 6 million Visa transactions per year to Level Four for merchants processing fewer than 20 thousand e-commerce Visa transactions.
    Who enforces PCI compliance?
    Acquiring banks are responsible for enforcing PCI compliance, not the organisations themselves.
    Is PCI compliance mandatory for all businesses processing card payments?
    Yes, PCI compliance is compulsory for all businesses processing card payments.
    Are there alternatives to paying for PCI compliance services?
    Some merchant account providers, like PayPal and WorldPay, manage PCI compliance on behalf of merchants. It’s crucial to compare services and fees when choosing a provider.

    Related Articles