How to become PCI compliant

14/06/2009

PCI compliance is the buzzword used to describe validation against the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS has been created jointly by Visa and Mastercard and is supported by all the banks and financial institutions.

You must be PCI DSS compliant if you handle, process or store credit card details either on your computer, on a server or on paper.

Compliance with this standard is a requirement for all merchants who accept payment cards. There are severe penalties if card information is compromised as a result of your non-conformance with PCI DSS. When you signed up to using a payment service provider, you probably agreed to these penalties.

There are two ways to become PCI DSS compliant.

  • Firstly, you can become compliant yourself.
  • Secondly, you can use a third-party payment service provider (PSP), so that all card details are entered only into sites and systems supplied by the PSP, which is itself PCI DSS compliant.

To become compliant yourself you need to:

  • Build and maintain a secure IT network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

For many small businesses these requirements are too difficult and time-consuming to satisfy.

To use a third-party PSP you need to ensure that your website and the details passed to the PSP comply with the PCI DSS standard. Cornish WebServices have expertise in ensuring that the way a website or webpage communicates with the PSP is PCI compliant. We are familiar with the requirements of most of the PSPs, having implemented and tested them on client websites.

Cornish WebServices can implement eCommerce solutions which meet PCI compliance requirements with the minimum of fuss for the client. Using a third-party PSP (Payment Service Provider) is usually the easiest solution, but checks on the website are still required. In addition, the way in which the website communicates with the PSP needs to be secure.
