PCI DSS COMPLIANCE EXPLAINED

Libby James
Merchant Services Expert

Libby James is co-founder, director and an expert in all things merchant services. Libby is the go-to specialist for businesses with more complex requirements, or businesses that are struggling to find a provider that will accept them. Libby is regularly cited in trade, national and international media.

What is PCI Compliance?

At Merchant Advice Service we are regularly asked about PCI DSS compliance. Customers want to know what it stands for and, importantly, what it means for their business.

PCI DSS stands for Payment Card Industry Data Security Standard. It was introduced to the UK in September 2006 to create a secure environment for all companies that accept and process card transactions and consumer data.

The PCI Security Standards Organisation manages and administers the standard. It is an independent body created by the card companies: Visa, MasterCard, American Express, JCB International and Discover Financial Services. The council is led by a policy-setting committee consisting of representatives from the five founding card companies. IMPORTANT: acquiring banks, not the council itself, are responsible for enforcing compliance.

The PCI compliance checklist consists of six categories:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management programme
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Before you read on

Many customers come to us having looked at their transaction statements and noticed large amounts leaving their account every month for PCI and other fees. In a lot of cases PCI compliance is a simple process, yet providers pass extortionate fees on to their customers. We work with companies across the whole merchant services industry, including some that charge no PCI fees whatsoever (very rare) and offer industry-topping rates.

Our service is completely free so if you’d like to save money we will look at everything and provide you with our best recommendations with no obligation and no cost to you.


PCI compliance levels

UK businesses are placed into one of four PCI compliance levels, determined by annual Visa transaction volume. Each level has different validation requirements set out by Visa and MasterCard:

Level one – validation requirements:

Merchants processing over 6 million Visa transactions per year. An annual compliance report by a Qualified Security Assessor (QSA), a quarterly network scan by an Approved Scanning Vendor (ASV) and an Attestation of Compliance form.

Level two – validation requirements:

Merchants processing between 1 million and 6 million Visa transactions per year. An annual PCI Self-Assessment Questionnaire (SAQ), a quarterly network scan by an ASV and an Attestation of Compliance form.

Level three – validation requirements:

Merchants processing between 20 thousand and 1 million ecommerce Visa transactions per year. An annual SAQ, a quarterly network scan by an ASV and an Attestation of Compliance form.

Level four – validation requirements:

Merchants processing fewer than 20 thousand ecommerce Visa transactions per year, OR any merchant (regardless of acceptance channel) processing up to 1 million Visa transactions per year. An annual SAQ is recommended, along with a quarterly network scan by an ASV (if applicable) and whatever compliance validation requirements are set by the merchant's acquiring bank.

What does this mean for merchants?

Ensuring your business is PCI DSS compliant demonstrates that you are doing your utmost to keep customer data safe and secure and to prevent fraud. E-commerce websites are particularly vulnerable and are at high risk of being targeted by attackers. Having measures in place, such as the controls required by PCI DSS, to minimise this risk is an excellent deterrent. PCI DSS compliance requirements may seem confusing, but compliance is compulsory for all businesses processing card payments.

How do I find a PCI compliance assessor?

Trustwave, Control Scan and SRM-Solutions, to name but a few, all provide external assessments. Towards the end of this page you can find a list of contacts and handy links.

PCI DSS compliance costs

Costs vary depending on the company; however, the average price is around £150, and the self-assessment is free. Assessments are carried out annually.

Some big-name merchant account providers, such as PayPal, Worldpay and Paymentsense, ensure that the merchant is PCI compliant, manage this on the merchant's behalf, and charge for it on either an annual or a monthly basis. This tends to be around £5 to £20 per month, with additional costs for ASV scans. Equally, some providers offer this service free of charge, so it's important to look at this when comparing merchant quotes and costings. I'm not bothered about naming these companies, purely because it's not what we are interested in: we are selling merchant services without these fees, so the fact that large companies such as these charge for the service makes us look good.

PCI DSS non-compliance charges may also be applied if your company is not compliant. This is a type of fine based on the work involved in making a business compliant, and the fee is removed once the company has reached compliance.

If your business is not PCI compliant then costs can escalate quickly. The minimum fine the card schemes could charge is £3000. Equally, if your data is compromised and the card issuer requires you to certify your compliance using a Qualified Security Assessor (QSA), this could cost up to £850 per day and usually takes up to two weeks to complete. PCI compliance fines can be avoided if the correct procedures are followed, so it's important that you are aware of the pitfalls to avoid getting caught out!

PCI DSS compliance programme, useful links:

  • PCI Security Standards Council
  • Find an assessor
  • Self-assessments

PCI questions

Get in touch with us today with any questions about your PCI fees or anything else to do with merchant services. We can compare the market in-depth for you and recommend the best service providers. We’re truly an independent advisory service and will look at your business as a whole, from the fees to the rates you pay to any specific business requirements you have.

Libby James

Libby James co-founded Merchant Advice Service alongside David Bird in 2016. Her finance background, coupled with retail and customer service experience, gave Libby the drive to bring transparency and unbiased advice to the world of merchant services. Having come from the heavily regulated mortgage and insurance industry, Libby found it puzzling that other financial sectors lacked regulation and transparency, leaving customers confused and unable to make informed decisions when it came to accepting card payments. This was soon to become Libby's obsession!

With the help of some of the industry's best, Libby began to research acquiring banks, complex terminology and regulation, and the problems customers experience in the merchant services and payment gateway markets. She spent years sourcing solutions for complex clients whom others had previously been unable to assist. Libby established relationships with brokers and banks which would soon form the cornerstone of Merchant Advice Service. As a result, Libby has been featured in high-profile publications across the web.

Libby is proud to be the entrepreneur’s champion, supporting start-up businesses regularly. Her industry insights can often be found on LinkedIn where she provides free of charge advice and money saving pointers. It’s safe to say she has her finger on the pulse of everything card payments related.

Libby speaks of her experience in founding and running Merchant Advice Service…

‘Merchant Advice Service is one of my greatest achievements to date. We help business owners to overcome card processing issues which can become detrimental to their business. We assist SMEs in finding suitable card payments solutions, helping them create their vision. Each and every day is different, exciting and fulfilling. As technology advances I can’t wait to see the way in which the merchant services market advances, and I’m pleased that our business will play a part in educating company owners along the way.’
