dcsimg

Demonstrate your PCI DSS compliance with by completing an SAQ

Organisations that accept card payments are responsible for the security of customers’ payment information and must comply with the PCI DSS (Payment Card Industry Data Security Standard).  Compliance will be a lengthy process for some, but organisations that handle fewer than six million transactions annually can speed up the process by completing an SAQ (self-assessment questionnaire).  There … [Read more...]

A compliance checklist for the 12 requirements of the PCI DSS

Any organisation that stores, processes or transmits payment card data must comply with the PCI DSS (Payment Card Industry Data Security Standard).  The Standard contains 12 requirements, which we’ll run through in this blog along with an overview of the steps you should complete to meet each one.   1. Install and maintain a firewall configuration to protect cardholder data Firewalls control … [Read more...]

How safe is it to take card payments over the phone?

Most of us are so comfortable making payments over the Internet that we barely think twice about the security implications. But the same can’t be said of transactions made over the phone.  Why is that? They’re both card-not-present payments, and you’re essentially doing the same thing: providing your card details to an organisation.  The only difference is that, over the telephone, you speak to … [Read more...]

How to achieve and maintain PCI DSS compliance

All organisations that accept card payments must comply with the PCI DSS (Payment Card Industry Data Security Standard). This is not a simple task, and if you make mistakes when implementing the Standard, you’ll struggle to achieve compliance and expose yourself to data breaches and regulatory fines. We understand that PCI DSS compliance is difficult, so we’ve laid out some recommendations based … [Read more...]

Understanding PCI compliance auditing

Businesses of all sizes must undergo Payment Card Industry Data Security Standard (PCI DSS) compliance audits to ensure that their customers’ data is protected during credit or debit card transactions and while stored. Under the Standard, Level 1 businesses – those that process more than six million credit card transactions a year – are subject to an annual on-site audit and quarterly network … [Read more...]

Policies and procedures, you need for PCI DSS compliance

Technology can only do so much to protect an organisation from data breaches. That’s why Requirement 12 of the Payment Card Industry Data Security Standard (PCI DSS) states that organisations should actively manage their data protection responsibilities by establishing, updating and communicating security policies and procedures in response to regular risk assessments. As with technology, security … [Read more...]

Having trouble complying with the PCI DSS? Here are some tips

Keeping cardholder data secure can be incredibly difficult, but have you tried… not storing so much information? You’d be surprised at how effective that apparently flippant advice is. Organisations often store more information than they need, making security trickier than it should be. Take primary account numbers (PANS). This information is needed far less other than cardholders’ names and card … [Read more...]

PCI DSS dissected: Reducing your cardholder data environment

The requirements of the Payment Card Industry Data Security Standard (PCI DSS) should be considered the starting point of security. The Standard doesn’t cover everything that organisations can do to protect payment card data, but it does cover everything that they should do, such as put in place the appropriate procedures, policies and work practices. Still, many organisations don’t see the PCI … [Read more...]