What is PCI-DSS Compliance?
The Payment Card Industry Data Security Standard (PCI-DSS or PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.
The Payment Card Industry Security Standards Council (PCI-SSC) was formed by Visa, MasterCard, American Express, JCB and Discover and launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards, with a focus on improving payment account security throughout the transaction process.
To be compliant today your payment service provider needs to adhere to version 3.2 of the PCI standard, which was introduced in April 2016. Level 1 applies to merchants processing over 6 million Visa transactions annually across all channels, or to global merchants identified as Level 1 by any Visa region. Key IVR is PCI-DSS Level 1, version 3.2 compliant; this is the highest level of certification for PCI payments.
What is defined as ‘cardholder data’?
The PCI Security Standards Council (SSC) defines ‘cardholder data’ as the full Primary Account Number (PAN) or the full PAN along with any of the following elements:
- Cardholder name
- Expiration date
- Service code
Sensitive Authentication Data, which must also be protected, includes full magnetic stripe data, CAV2, CVC2, CVV2, CID, PINs, PIN blocks and more.
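Cardholder data rarely stays inside the payment application: PANs leak into application logs, support tickets and debug output. The following is an added example, not Key IVR's code or anything from the PCI SSC, showing how a defender can detect a full PAN in text (digit pattern plus Luhn check), mask it, and flag records that still carry Sensitive Authentication Data after authorisation. The masking policy (keep the first six and last four digits) and the field names in `SENSITIVE_AUTH_FIELDS` are assumptions chosen for the example; the log lines are constructed.

```python
import re
from typing import List

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Assumed field names under which Sensitive Authentication Data typically
# appears; the page lists CAV2, CVC2, CVV2, CID, PINs, PIN blocks and track data.
SENSITIVE_AUTH_FIELDS = {"cvv2", "cvc2", "cav2", "cid", "pin", "pin_block", "track1", "track2"}


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check that real card numbers satisfy; filters out
    order ids and timestamps that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digits_only(match_text: str) -> str:
    return re.sub(r"[ -]", "", match_text)


def find_pans(text: str) -> List[str]:
    """Return every Luhn-valid 13-19 digit number found in text (separators removed)."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = _digits_only(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def mask_pan(digits: str) -> str:
    """Assumed masking policy: first six and last four digits remain visible."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact(text: str) -> str:
    """Replace every full PAN in a log line with its masked form; leave non-PAN numbers alone."""
    def _sub(m: "re.Match") -> str:
        digits = _digits_only(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return mask_pan(digits)
        return m.group(0)
    return PAN_CANDIDATE.sub(_sub, text)


def sensitive_auth_fields_present(record: dict) -> List[str]:
    """Names of populated Sensitive Authentication Data fields in a stored record;
    a non-empty result means the record must not be retained as-is."""
    return sorted(k for k, v in record.items()
                  if k.lower() in SENSITIVE_AUTH_FIELDS and v not in (None, ""))


if __name__ == "__main__":
    # Constructed sample log lines; 4111 1111 1111 1111 is a well-known test number.
    sample_log = [
        "2024-01-05 10:12:01 INFO payment card=4111 1111 1111 1111 order=1234567812345678",
        "2024-01-05 10:12:02 DEBUG retry card=4242-4242-4242-4242 amount=19.99",
    ]
    for line in sample_log:
        print(redact(line))
    stored = {"pan": "4242424242424242", "cvv2": "123", "exp": "12/29"}
    print("must not store:", sensitive_auth_fields_present(stored))
```

The Luhn filter is what keeps the detector useful: a plain 16-digit regex over real logs fires on order numbers and timestamps, and the resulting noise gets the alert ignored.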
What are the penalties for non-compliance?
Failing to meet your compliance obligations could mean being banned from accepting cards and/or paying increased fees to process cards. Fines ranging from £3,000 to £60,000, depending on your bank’s merchant account agreement, may also be levied. Merchant levels are defined by annual transaction volume:
- Level 1 – a merchant processing over 6m VISA and MasterCard transactions p/a
- Level 2 – a merchant processing between 1m and 6m VISA and MasterCard transactions p/a
- Level 3 – a merchant processing between 20k and 1m VISA and MasterCard transactions p/a
- Level 4 – a merchant processing less than 20k VISA and MasterCard transactions p/a
What are the obligations to my company?
- Internal or external systems audit
- Security scans
- Statement of compliance
How can I become PCI-DSS compliant?
Work with a Partner, like Key IVR, to help assess your systems and provide a secure solution to your customers – compliant with the highest level of PCI-DSS.