Does my business need to be PCI DSS compliant?

The Payment Card Industry Data Security Standard (PCI DSS) applies to any business that accepts card payments. Every method of card payment is included: physical terminals, online payment pages, and payments taken through providers like PayPal or Stripe. If your business collects card details, it must be PCI DSS compliant.

What does being PCI DSS compliant mean?

The standards are set out by the PCI, an organisation formed by the major card companies such as Visa, MasterCard and American Express. They are a set of 12 requirements your business must satisfy to best protect your customers’ card details. These requirements fall into six categories:

  • Build and maintain a secure network and systems
  • Protect account data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

The volume of requirements might seem daunting at first, but OmniCyber’s dedicated PCI DSS services will help you at every stage of making your business compliant.

What would happen if my business wasn’t compliant?

There are severe consequences to PCI DSS non-compliance. Storing customer card details in an insecure way is a serious breach of trust. The financial cost of being non-compliant is significant, no matter the size of your business.

If a breach is discovered, fines from banks can range from tens of thousands to several million. Additional monthly charges can be added on, and your business’ ability to process card payments can be revoked. Before this is reinstated, you must prove that your business is PCI DSS compliant through an assessment by an external Qualified Security Assessor (QSA), such as OmniCyber Security.

Added to these costs are the damages to reputation and trust from customers, which will seriously harm your business’ future revenue.

How can I become PCI DSS compliant?

Every year, your business must prove compliance with the PCI DSS requirements, either by employing an external QSA or by completing a self-assessment questionnaire issued by your bank. At OmniCyber, our experts can guide you through the whole process and make sure you are as secure as possible.

You can think of PCI DSS as a bit like running a car. Every year you have to get an MOT to prove that it’s roadworthy, but between MOTs you still need to maintain it, whether with a service or by topping up the washer fluid.

The annual PCI DSS check only proves that your business was compliant at one point in time. You need to maintain security all year round. OmniCyber provides unlimited vulnerability scanning that you can use to check that no weaknesses have appeared between the annual checks.

PCI DSS non-compliance is not worth the risk. Contact OmniCyber Security today to ask about the PCI compliance services we can provide to your business.