PCI Compliance Information
PCI compliance is compulsory for processing card payments.
PCI compliance means compliance with the Payment Card Industry Data Security Standard (PCI DSS), which is mandated by the card schemes to protect cardholders and transaction details. Under the payment brands' rules, all merchants accepting credit card payments are required to comply with the PCI Data Security Standard in its entirety.
Our payment gateway is robust and feature rich, and if you store account information we can provide you with custom tokenization solutions that significantly reduce your PCI compliance liability.
What is PCI compliance and why does it matter?
If you own an online shop, bank online or use credit and debit cards, there is a very good chance that you have heard the term "PCI compliant." However, you probably don't know what it means.
The term "PCI compliant" is heard more and more these days as data breaches at merchants like TK Maxx, eBay, Adobe and British Airways land hundreds of thousands of card details in the hands of criminals. These criminals are using the data to make purchases and withdraw money from the accounts of unsuspecting
It's a huge and growing problem. More than 80% of data stolen in breaches is payment card data, according to the 2014 Verizon Business Data Breach Report.
Don't let it happen to you!
Who are the PCI Security Standards Council?
The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (DSS), the Payment Application Data Security Standard (PA-DSS), and the PIN Entry Device (PED) Requirements.
What is the standard exactly?
It's the PCI (Payment Card Industry) Data Security Standard: a set of 12 specific requirements that cover six different goals. It's very prescriptive. It says not only that you need to be secure but tells you how to become secure. It's more about security than
What if I don't want to become PCI compliant?
All customers must become compliant and time restrictions apply (90 days). You can process while non-compliant; however, failure to comply could attract a non-compliance fee for each merchant account operating that is not PCI DSS compliant (normally around £40). If a merchant transitions from being compliant to being non-compliant, this fee will not be charged for the first 90 days of non-compliance.
Also, if you are not compliant with the Payment Card Industry Data Security Standard (PCI DSS) you will be responsible for any losses through fraud, and may also face considerable fines. Your customers will suffer if their card details are compromised. Your business reputation will suffer as
Taking responsibility for PCI compliance forms part of your merchant Terms & Conditions.
If I'm found not to be compliant, what are the consequences?
90% of consumers don't understand the difference between credit card fraud and identity theft. If they hear that their credit card has been stolen, many of them believe their identity is at risk. If that's the case, many of your customers won't shop with you anymore because they are afraid you are not protecting their data and someone is going to steal their identity. That's the worst thing that can happen. The biggest problem would be if your customers walk away. There is reputational damage to deal with, which 9 times out of 10 cannot be measured in terms of money.
What part of the standard is mandatory and what is voluntary?
It's all mandatory. Nothing is voluntary. The rule is that if you store, process, or transmit credit card data you must be compliant with the PCI standards. And that's a global
How do I become compliant?
You can become compliant by using an assessor. To see the current list of PA-QSAs recognized by the PCI Security Standards Council, please see below. Alternatively, search online for 'PCI compliant assessors'; we do not take any responsibility for third-party websites and/or services.
Please note that the PCI Security Standards Council maintains an in-depth program for security companies seeking to be certified as Payment Application Qualified Security Assessors (PA-QSAs), as well as to be re-certified as PA-QSAs each
How much does it cost to
If you would like help with becoming compliant, prices vary from company to company. Some charge a monthly fee (around £20) while others charge a one-off fee (average price is around £150). If you would simply like to self-assess then this is free.
With our Standard Account, PCI compliance is FREE. For our High Risk & Adult accounts we recommend ControlScan.
Is this just another way of getting more money out of businesses?
Not at all. This is for the benefit of all concerned. 80% of all online fraud occurs using stolen or misused payment details. No matter where you go to become PCI compliant (except for self-assessment) you will have to pay a fee.
I would like more
For more information, including FAQs, please visit www.pcisecuritystandards.org
If you are not PCI DSS compliant, €5,250 is the least amount that the Card Schemes could fine. If fraudsters get their hands on your customer payment card data, this amount
If your data is compromised, card issuers may also require you to certify your compliance within 90 days by using a Qualified Security Assessor. Typical cost is £850 per day, with assessments taking up to two weeks.
Card issuers may also insist on an investigation by a Qualified Forensic Investigator. Typical cost is £850 per day. An investigation could last for 10 days. You could also be liable for other costs, including card replacements.
Don’t be left counting the cost of non-compliance.
What could your business do with €5,250?
Buy equipment for expansion?
Replace aging computer equipment?
Run a promotional advertising campaign to drive growth?
Lease a new van?
Spruce up your premises?
Give bonus payments to hard-working staff – or to yourself?
a fine for non-compliance?