Merchants of any size accepting credit cards must be in compliance with PCI Security Council standards

What Is PCI-DSS Compliance?

The Payment Card Industry Data Security Standard (PCI-DSS or PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.

The Payment Card Industry Security Standards Council (PCI-SSC) was formed by Visa, MasterCard, American Express, JCB and Discover. It launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards, with a focus on improving payment account security throughout the transaction process.

To be compliant today, your payment service provider needs to adhere to version 3.2 of the PCI standard, which was introduced in April 2016. Level 1 applies to merchants processing over 6 million Visa transactions annually across all channels, or global merchants identified as Level 1 by any Visa region.

Key IVR are PCI-DSS Level 1, version 3.2 compliant; this is the highest level of certification for PCI payments.

What Is Defined as ‘Cardholder Data’?

The PCI Security Standards Council (SSC) defines ‘cardholder data’ as the full Primary Account Number (PAN) or the full PAN along with any of the following elements:

  • Cardholder name
  • Expiration date
  • Service code

Sensitive Authentication Data, which must also be protected, includes full magnetic stripe data, CAV2, CVC2, CVV2, CID, PINs, PIN blocks and more.


What Are the Potential Consequences for Non-compliance?

  • Fines and penalties ranging from £3,000 to £6,000
  • Lost confidence, so customers go to other merchants
  • Diminished sales
  • Cost of reissuing new payment cards
  • Fraud losses
  • Legal costs, settlements and judgments
  • Termination of ability to accept payment cards
  • Lost jobs (CISO, CIO, CEO and dependent professional positions)
  • Going out of business
  • Higher subsequent costs of compliance

PCI-DSS Levels

Level 1
A merchant processing over 6m VISA and MasterCard transactions p/a

Level 2
A merchant processing between 1m and 6m VISA and MasterCard transactions p/a

Level 3
A merchant processing between 20k and 1m VISA and MasterCard transactions p/a

Level 4
A merchant processing less than 20k VISA and MasterCard transactions p/a


What Are the Obligations to My Company?

  • Internal or external systems audit
  • Security scans
  • Statement of compliance

How Can I Become PCI-DSS Compliant?

For any organisation, becoming PCI compliant on your own can be a very time-consuming and costly venture with a lot of room for error. Key IVR takes all the pressure off: with already established PCI-DSS Level 1 compliant payment solutions, we help assess your systems and provide a secure platform to suit your organisation.

Take a look at our wide range of Services.

Contact us on 01302 513 000 or email sales@keyivr.co.uk

Key IVR are a privately owned business offering global automated PCI-DSS compliant payment services. We are a customer-service focused organisation and take care to manage and meet our clients' expectations.


UK: 8 Durham Lane, West Moor Park, Armthorpe, Doncaster DN3 3FE

Ireland: 8 Clanwilliam Square, Grand Canal Quay, Dublin 2, D02 PF75

USA: 8th Floor, 100 Church St, New York, NY 10007