We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site.... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

01273 359133 01273 359133 Free IT Survey

Are your customer’s card details safe with your business?

5th May 2022

Many businesses accept different card merchants, take online payments, online bookings, and online orders… but are you keeping your customer’s information safe?

More often than not, businesses are unaware of the risks that may come with not having PCI compliance in place and the potential extra costs that can be associated with this. In this blog, we will explore the importance of having secure PCI compliance in your business and how it will benefit both your business and its customers.

What are the laws and regulations?

According to the Payment Card Industry Data Security Standard (PCI DSS), PCI compliance is relevant to any business or organisation of any size that processes transactions, accepts, transmits, or stores cardholder data.

If it is found your company has been involved in a data breach, you could face fines of up to £3.5 million.

You must undergo a PCI auditing procedure in order to become PCI compliant. There are 4 levels starting with 1 processing the highest and 4 processing the lowest amount. It also involves looking at your overall company security procedure and making sure other aspects are regularly maintained and have procedures in place such as ensuring your website has safety updates in place.�

What are the 12 requirements to be PCI compliant?

  1. Use and maintain firewalls – firewalls prevent and block access to private data, ensuring any cardholder details and information remains safe
  2. Password protection – POS systems, routers, etc… usually come with generic pre-set passwords. To be PCI compliant you must have procedures in place to change these to secure passwords and keep a list of devices and software that requires a password.
  3. Cardholder data protection – cardholder data must be encrypted and have encryption keys (which are also encrypted for compliance).
  4. Encrypt transmitted data – cardholder data can be sent through a range of channels including stores, home offices, and more, that’s why it’s important to ensure all data is encrypted.
  5. Anti-virus – anti-virus software should be installed and regularly maintained and patched to ensure data is safe and secure.
  6. Update your software – your software can only be fully effective if it is regularly updated, updates often come with added security features, this is why it’s important to keep an eye on them.
  7. Data access – not everyone needs access to cardholder data, only people who require it should be granted access to sensitive information.
  8. ID for access – identification and credentials should be in place to ensure only the right people are accessing any data.
  9. Physical location – any customer data that is kept in hard or physical copies should be kept somewhere safe and secure, record keeping of who and when data is being accessed should also be kept to be in line with PCI compliance requirements.
  10. Access logs – PAN (primary account numbers) require a log entry when dealing with cardholder data, log access software should also be used to make sure logging is done accurately.
  11. Vulnerability – scanning your company for vulnerabilities including out-of-date software, physical locations, and the human error should be done to eliminate risks.
  12. Document policies – equipment, software, and staff that have access to cardholder data should all be documented in order to be PCI compliant.

What are the benefits?

It may sound like a lot of work, but it definitely comes with a range of benefits that make it totally worthwhile.

Most importantly, your customer’s and cardholders’ data is safe, meaning their card information cannot be accessed by the wrong people, with this comes a great company reputation (imagine the trust you’d lose if you were involved in a customer data breach!)

You may avoid card merchants’ fees, many card merchants will add additional fees to companies who are not PCI compliant and most people don’t even know they are being charged!

Introducing these additional measures will make you secure and compliant with other regulations simultaneously, so it’s a win-win for everyone!

If you want to know more about being PCI compliant, or need some advice, get in touch with the Astaris team.

You may also like

View all posts
Why Outsourced makes the best it network

Why Outsourced makes the best it network

In today’s fast-paced tech-focused world, having a robust IT network is essential for success. Whether you run a small startup or a large corporation, you can’t afford to neglect your IT needs. However, having in-house IT support is expensive, and paying for the right software is expensive.  Cost effective  One of the main reasons businesses […]

Read More
Cyber Essentials Scheme

Cyber Essentials Scheme

Astaris is now a part of the Cyber Essentials Scheme, This is a government-backed scheme that shows an organisation complies with a minimum level of protection in cyber security through annual assessments to maintain this certification. What is the scheme… And what are the requirements? In general, the Cyber Essentials scheme focuses on helping organisations […]

Read More
Should I Be PCI Compliant?

Should I Be PCI Compliant?

In an era where digital transactions have taken over, businesses must prioritise the security of their customer’s payment card data. One of the most effective ways to achieve this is by becoming PCI compliant. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements to protect cardholder data and ensure […]

Read More

LET US TAKE YOUR IT CONCERNS OFF YOUR HANDS

SO YOU CAN FOCUS ON THE IMPORTANT PARTS OF YOUR BUSINESS
Phone 01273 359133 Phone 01273 359133 Request a callback