PCI DSS compliance
What is PCI DSS compliance?
Payment Card Industry Data Security Standard (PCI DSS) is a global security initiative. PCI DSS is a set of mandatory requirements that apply to all businesses taking credit and debit card payments and is designed to protect the security of your business, your customers and the banks. PCI Compliance ensures card data processing and storage is secure, protecting against fraud and other financial crime.
What will I gain from being PCI compliant?
Being compliant will not stop fraudsters targeting your business, but it will place you in the strongest position to prevent an attack and avoid the financial penalties and potential long term damage that can occur to your business as a result.
We recommend that all merchants comply with the PCI Data Security Standards as it protects your business and gives you peace of mind. Failure to comply can have serious long-term consequences. If there is a security breach of data from within your organisation, and you are not able to demonstrate PCI DSS compliance, you could be liable for any losses that arise and could face a substantial fine imposed by the Card Schemes, or a ban on accepting cards altogether!
How do I become PCI compliant?
Whether you are accepting card payments for the first time or switching card payment providers, it is your responsibility to ensure you remain compliant but with Firstlinepayments, this is simple.
When you join us, you will complete an online PCI Compliance assessment (called a SAQ – Self Assessment Questionnaire).
Your monthly PCI management fee includes membership to the PCI Programme and helps to manage compliance on your account.
You will receive annual reminders to renew your PCI DSS certificate online, giving you peace of mind and ensuring you avoid non-compliance penalties.
Your monthly PCI management fee does not cover non compliance fees which can be costly to your business so you must ensure you remain compliant.
Therefore, you must renew your PCI DSS certificate on an annual basis in order to remain compliant and avoid non-compliance fees from the acquirer.
The full set of standards can be found on the PCI SSC’s website