PCI DSS compliance is important for a business as paying by card is so much more common these days, and it is getting easier for scammers to obtain and defraud people’s credit card details.
What is PCI DSS compliance:
PCI DSS stands for Payment Card Industry Data Security Standard, and helps all businesses achieve better data security. The standard applies to all companies that take credit card payments, and to achieve compliance you will need to achieve 5 simple objectives:
1. Make sure you have built, and maintain a secure network
2. Ensure that cardholder data is protected
3. Create a “Vulnerability Management Program”
4. Creating different levels of access for certain types of data
5. Regularly test networks and monitor who is accessing them.
You must comply with different levels of PCI depending on what level you fall under, based on how many transactions you process within a year. Complying with the PCI standards brings several benefits to a business, for example providing easy steps to follow to better secure sensitive information which not only will prevent a hefty fine but will make the business look more trustworthy in the eyes of the consumer.
Consequences of non-compliance:
Consequences due to a company failing to comply with the PCI DSS can be severe; from financial fines that can range from £3,000 to £60,000, to having your card processing capabilities completely removed. The benefits are a stronger culture of security that can go some way to supporting legal requirements imposed by the Data Protection Act 2018 and GDPR.
Company directors are now personally liable for failing to protect their customers’ data sufficiently, according to the UK Data Protection Act. Achieving PCI DSS compliance encourages small businesses to implement the procedures to better handle confidential data within their organisation and in some instances can act as an insurance policy.
– Company directors can be held personally responsible under new GDPR rules with hefty fines being levied by the ICO
– PCI DSS non-compliance can lead to huge fines (£3,000 to £60,000) against the company
– The PCI compliance level is based on how many transactions are processed within a year