What is PCI DSS and how does it affect me?
PCI DSS stands for Payment Card Industry Data Security Standard, a global security standard set by the PCI Security Standards Council. PCI compliance is mandatory for every business that stores, processes or transmits cardholder data, however small the volume, and exists to ensure that a secure environment for that data is maintained.
What happens if I’m not PCI DSS compliant?
If you do not comply with the standard you are liable for substantial fines, which the card schemes enforce through your acquiring bank, and you could also find yourself permanently barred from processing cards at all.
PCI compliance in 4 easy steps
1. Securing your payment page - Hosted vs. API
The first step in becoming PCI compliant is to decide where your payment page is located, because that decides which of your systems handle card details and are therefore in scope. You have 2 options:
- A Hosted solution, meaning your payment page is located on your PSP's server: the customer is sent to the PSP to enter their card details, which never pass through your systems.
- An API solution, meaning your payment page is located on your own server: card details are entered on your site and pass through your systems before being sent to the PSP, so those systems are in scope.
2. Choosing your PCI provider
The second step is to choose a PCI compliance provider, the service that hosts your Self-Assessment Questionnaire (SAQ) and, where required, performs the quarterly scans. This can be offered by your PSP, or you can shop around for another PCI provider.
3. Compliance requirements - what you need to complete
The third step depends on which solution you chose for your payment page.
- If you chose a hosted solution (via your PSP), your payment page sits on a server/network that your PSP already maintains as PCI compliant, and card details are entered there rather than on your site. That does not make YOUR business compliant automatically: you still need to complete an SAQ, which for a fully hosted solution is the SAQ A form. SAQ A is the shortest questionnaire because the handling of card data is outsourced, but it still requires basic controls on your own web server (for example removing vendor defaults and applying security patches), because an attacker who tampers with the page that sends customers to the PSP can redirect card details elsewhere.
- If you chose an API solution, your payment page sits on your own servers/network, so those systems are in scope and you need to complete 2 steps to become PCI compliant. Step 1: complete the appropriate SAQ, form C or D (which one applies depends on how your systems handle and store card data; your PCI provider or acquirer will confirm). Step 2: have your externally facing servers/network scanned quarterly by an Approved Scanning Vendor (ASV). The SAQ is where you confirm that you meet the 12 PCI DSS requirements; the quarterly scan is the external vulnerability scan that those requirements demand, and you need a passing scan every quarter.
4. Proving you’re compliant
On both the Hosted and API solutions, once you have passed your PCI compliance checks you will be provided with an Attestation of Compliance and a certificate to prove your business is now PCI compliant. On an API solution, keep the passing quarterly scan reports alongside it, as your acquirer may ask to see both.
Next steps - Staying PCI compliant
PCI compliance is not a one-off task. Think of it as an annual MOT for your business, ensuring year on year that you are protecting both your customers and your business by operating in a secure trading environment. Depending on which solution you chose for your payment page, you will need to complete a yearly SAQ and, for an API solution, a quarterly server/network scan. If you change how you take payments (for example moving from a hosted page to your own), the SAQ and scans that apply to you change as well.
What do you need for each solution?
- Hosted Solution - Yearly SAQ
- API Solution - Yearly SAQ and quarterly server/network scan
How can PayPoint.net help?
As an industry-leading PSP we have teamed up with the leading PCI provider Trustwave in order to simplify the PCI DSS process. The benefit of this partnership is realised through the programme's flagship product, TrustKeeper, which acts as a centralised source for all your PCI DSS compliance needs.
TrustKeeper® from Trustwave is the perfect solution for those who want to spend time working on, instead of worrying about, their business.