It is vitally important for any business that takes card payments online, over the phone or face-to-face, to comply with the Payment Card Industry Data Security Standards (PCI DSS).
Developed by the PCI Security Standards Council (PCI SSC), an organisation made up of major payment card associations including Visa, Mastercard and American Express, the PCI DSS seek to protect against data breaches and specifically:
- Help businesses process card payments securely
- Reduce card fraud
- Ensure that customers’ card details are protected
Consequently, if a business taking card payments fails to comply with the standards, heavy fines, loss of customers and withdrawal of card payment facilities could result.
Although compliance is mandatory, there are some very real benefits that can be felt by all parties to a transaction, including:
- Reduces the risk of data breaches by improving security measures
- Ensures avoidance of fines for non-compliance
- Protects sensitive customer data
- Simplifies global regulatory compliance
- Provides peace of mind for businesses and customers
There are four levels of PCI DSS compliance which are assigned to merchants based on the volume of payments processed each year. Each level has its own specific requirements but broadly speaking, the transaction volumes for each level are as follows:
- Level 1 – Businesses processing over 6 million card transactions annually through all channels
- Level 2 – Businesses processing 1 to 6 million card transactions annually through all channels
- Level 3 – Businesses processing 20,000 to 1 million card transactions annually, exclusively via eCommerce
- Level 4 – Businesses processing up to 1 million card transactions annually through all channels and/or processing no more than 20,000 card transactions annually via eCommerce
You can find out more about the full list of requirements for PCI DSS on the official PCI site.
Whilst the process of becoming PCI DSS compliant can be a little daunting, our partner Opayo is one of the UK’s most trusted payment providers, helping businesses grow and accept payments from customers all over the world.
Opayo can guide you through the process of becoming PCI DSS compliant, making the whole process both quick and easy. To read their latest Whitepaper on becoming PCI compliant, click here.