What is PCI Compliance?
The Payment Card Industry Data Security Standard (PCI DSS), first published in 2004 and administered since 2006 by the PCI Security Standards Council, is a set of requirements that every organisation that stores, processes or transmits cardholder data must meet in order to maintain a secure environment.
Each year, businesses across the UK are asked by their acquiring bank to complete a PCI DSS Self-Assessment Questionnaire (SAQ). The questionnaire is complex and time-consuming, which leaves many business owners feeling lost.
Is compliance important?
PCI compliance is one of the most important aspects of running a modern business, and its importance keeps growing as the UK moves towards a cashless society.
However, despite this, 80% of UK businesses are not compliant. Failure to demonstrate compliance can result in costly monthly non-compliance fees, passed on by the acquiring bank, of between £4,000 and £80,000.
Furthermore, a data breach that is found to result from inadequate protection of cardholder data can also attract severe fines under the UK GDPR.
How do I manage my PCI compliance?
To be PCI compliant, a business needs to demonstrate that it meets each of the standard's twelve requirements. The 12 requirements are:
- Installing and maintaining a firewall configuration to protect cardholder data
- Not using vendor-supplied defaults for system passwords and other security parameters
- Protecting stored cardholder data
- Encrypting the transmission of cardholder data across open, public networks
- Protecting all systems against malware and regularly updating anti-virus software or programs
- Developing and maintaining secure systems and applications
- Restricting access to cardholder data by business need to know
- Identifying and authenticating access to system components
- Restricting physical access to cardholder data
- Tracking and monitoring all access to network resources and cardholder data
- Regularly testing security systems and processes
- Maintaining a policy that addresses information security for all personnel
As the list shows, demonstrating and maintaining compliance is a time-consuming and often difficult exercise.
How can Reduce My Costs help?
At Reduce My Costs, we can source a trusted compliance manager who will work with you to understand your business. Your compliance manager will complete the PCI DSS questionnaire for you and keep on top of your ongoing compliance management, leaving you free to get on with what you do best.