Payment Card Industry Data Security Standard (PCI DSS) Compliance

We have received several member enquiries about PCI DSS compliance. Read on to understand what it is and what you need to do:

PCI DSS is a framework that helps companies protect their customers' cardholder data from theft or misuse. Being compliant means you are doing your best to ensure your customers' data is safe and secure, reducing their risk of being affected by fraud.

If your business accepts card payments face to face, on a website, or over the phone, then you need to ensure you are PCI DSS compliant. This is necessary to avoid potential data breaches that could result in fines for your company. You could also be liable for any fraud losses suffered due to a data breach, in addition to the reputational damage caused by such an incident.

Most banks charge a non-compliance fee if businesses do not meet PCI DSS standards. We recommend contacting your credit and debit card merchant provider to find out if your business is PCI DSS compliant, or checking your credit card statements/invoices to see if you have been charged a non-compliance fee.

There are 12 key requirements that you must follow to be PCI DSS compliant, from building and maintaining a secure network through to regularly monitoring and testing access to cardholder data. You can find out more about PCI DSS compliance and your obligations on the UK Cards Association website here.

For more information, please get in touch by emailing policy@bha.org.uk
