What is PCI DSS and why do I need it?
Written by Joseph Poppy on 18/01/2019
Do I need to be PCI DSS compliant?
Without PCI DSS compliance, merchants won’t be able to process any card transactions. In today’s retail environment, that counts for a substantial number of transactions. Card data is also considered personal data, making it subject to GDPR, which makes keeping personal information secure a legal requirement. PCI DSS is the preferred standard and one of the most reliable ways of ensuring this, and it is often the first thing the Information Commissioner’s Office looks at in the wake of a data breach involving card data.
The global card brands can levy fines against the acquiring banks as a result of non-compliance. These banks can in turn levy fines against merchants if the responsibility of a breach can be shown to be with them. Not being compliant can have devastating financial and reputational consequences if a breach occurs. And as non-compliance indicates a lack of basic security processes, a breach is likely.
The journey to compliance
This is not a requirement of the standard per se, but if it’s not done, then chances are the entire network will be deemed within scope. This one neat trick, along with enforcing some strict access control policies, can save a company both time and money in the long run.
Defining the PCI compliance SAQs
The self-assessment questionnaires (SAQs) are the first step towards achieving PCI compliance. There are several different SAQs aimed at a range of businesses or for alternative methods of card processing. Knowing which form you are supposed to fill out can be a puzzler, but your acquiring bank can advise you on which SAQ you need to complete.
Apply it across the business
The work doesn’t stop once you’ve achieved compliance. It’s an ongoing process and PCI DSS is always updating, and your business will be expected to update with it. New vulnerabilities are always emerging, meaning security has to adapt to keep up. Regular audits are to be expected and proactive changes to processes and procedures will help to no end.
Many elements of PCI compliance can be applied across the business to improve your security. We often say that if you’re doing security right to start with, then becoming PCI compliant won’t require much work. Make compliance work for you and get the most out of it.