October 30th, 2012 / Insight

Accepting payments by credit or debit card

If you accept credit or debit card payments, you need to be aware of the Payment Card Industry’s (PCI) Data Security Standard. This applies to all businesses that store, process or transmit cardholder data.

The standard addresses 12 key security areas, providing a consistent framework for securing and monitoring cardholder data. Organisations that do not comply may be held responsible for reimbursing fraud losses resulting from their non-compliance, and may face severe sanctions ranging from fines to the revocation of card-acceptance privileges by the major payment card brands.

The PCI rules are complex. For some companies, the only practical solution may be to outsource compliance: store no payment card details on paper or on computers, and let a PCI-compliant third party handle them instead.

For companies that are required to comply, the actual validation requirements vary according to the number of transactions processed annually. As a minimum, however, a quarterly external network vulnerability scan must be conducted, usually by an accredited security firm.

We employ fully accredited assessors who can provide you with the requirements appropriate to your organisation, assess your current state of compliance and assist you in implementing cost-effective measures to bring you up to scratch. If you have concerns or would like advice on the compliance requirements, call Mark Child of Kingston Smith Consulting on 020 7566 4000.