What is PCI DSS?

The Payment Card Industry (PCI) Data Security Standard (DSS) is the worldwide benchmark that helps you safeguard your customers’ payment card data. As a merchant you are at the centre of payment card transactions. Compliance with PCI DSS will help to make you less vulnerable to payment card fraud, your customers less vulnerable to identity theft and build customer trust.

There are billions of payment card transactions each year. Most of these go without a hitch but payment card fraud and identity thefts are increasing. More than 234 million records with sensitive information have been compromised since January 2005 according to Privacy Rights Clearing House. Your customers rely on you to keep their payment card information safe and secure – repay their trust with PCI DSS compliance.

“The goal of the Payment Card Industry Data Security Standard is to protect Cardholder Data that is processed, stored or transmitted.” (Payment Card Industry Security Standards Council)

Who needs to be PCI DSS compliant?

    • Merchants/retailers
    • Ecommerce businesses
    • Service providers to merchants
    • Application developers
    • Manufacturers and handlers of devices used in card transactions

Any company that handles information held on payment cards is required to fully comply with PCI DSS regardless of how many card transactions it carries out. You have to renew compliance annually – either with an onsite security audit or self-assessment questionnaire. Think of it like an MOT certificate for your cardholder data security practices. Don’t lie on a self-assessment questionnaire – it changes the nature of the issue from a contractual argument to a criminal offence.

What risky behaviour does PCI protect against?

A survey of businesses in the US and Europe by Forrester Consulting found that:

  • 81% store payment card numbers
  • 73% store payment card expiration dates
  • 71% store payment card verification codes
  • 57% store customer data from the payment card magnetic stripe
  • 16% store other personal data

These types of activities are a huge risk to the businesses involved.

What does PCI compliance involve?

The PCI DSS is a comprehensive set of controls for enhancing payment account data security – common sense steps that reflect security best practices.

  1. Assess. Identify cardholder data within the business, identify where it is stored or processed, and analyse vulnerabilities that could expose it.
  2. Remediate. Fix vulnerabilities and do not store cardholder data unless you need it.
  3. Report. Compile and submit the required remediation validation submissions and compliance reports to the acquirer. Otherwise, have a QSA audit and submit a Report on Compliance.

A PCI DSS Qualified Security Assessor (QSA) firm such as Ascentor will help you to identify and implement the controls needed to achieve compliance first time and maintain it for the future.

The positive benefits of PCI DSS compliance

The time and money you put into becoming PCI certified is more than matched by the advantages it will bring.

  • It will protect your business from threats
  • It will protect cardholder data
  • It proves your organisation takes data security seriously
  • It will improve your reputation with payment partners
  • It increases customer trust, which means more sales and loyalty
  • It will strengthen your business

You’ve worked hard to build your business. Secure your success by protecting your customers’ payment card data with the PCI standard.

Article by Colin Dixon, Ascentor’s lead QSA for PCI DSS.

If you have a PCI DSS question do get in touch. Based in Gloucester, UK, Ascentor helps businesses to achieve and maintain PCI compliance. PCI can be a complex process. We’re at your side every step of the way.
