Navigating PCI Compliance
What is PCI?
PCI-DSS (Payment Card Industry Data Security Standard) is now an integral part of commerce and running an online business. PCI-DSS was established by the major payment card brands to protect consumer interests and standardise how online payment data is processed, stored, and transmitted. Adherence to PCI standards demonstrates to your customers and to other businesses that you’re capable of looking after the sensitive and personally identifiable data you handle. Far from being optional, failure to comply with PCI-DSS means hefty fines and significant losses for your business. Even more crucial is the security of your customers’ data; any erosion of their trust could critically damage your reputation.
Merchant banks require that you’re complying with PCI-DSS in order to use their services. The five major payment brands behind the PCI-SSC (Security Standards Council) will levy monthly fines against a merchant bank for PCI compliance violations. These fines are eventually passed down to individual businesses who were responsible for maintaining PCI standards and failed to do so.
Because PCI compliance is ever-evolving, there are many common misconceptions about how it works. Here are two that our team frequently encounters while providing solutions for our clients:
1) “Because I don’t store customer credit card information, I don’t need to be PCI compliant.”
PCI compliance applies to every aspect of handling sensitive data while it is processed. This means that PCI-DSS regulations cover not only the storage of credit card data (for example, for recurring payments), but also any transmission or processing of that data over networks, phone lines, and other channels.
2) “If I use a third-party hosting provider for my websites, then I don’t have to worry about PCI.”
PCI compliance is more than having an SSL certificate, or the little green lock symbol at the top of your ecommerce site. Just because your hosting provider is PCI certified doesn’t mean that your IT infrastructure doesn’t need to be. Liam Freeman, one of our Client Service Managers, commented that many businesses don’t realise that the responsibility is solely theirs to ensure that they’re PCI compliant. Your hosting provider will help you navigate the requirements, but you cannot rely on their compliance as a third party to cover your own.
How We Can Help
At Netplan, we have years of experience helping clients at all stages of their PCI journey. Liam Freeman also explained that what sets Netplan apart is our “ongoing partnership with the client together to make sure that compliance is continually met.” He emphasised our decade of experience navigating PCI regulations, which allows us to connect clients to the best solutions and equip them to store, transmit, and process data safely. PCI-DSS requires audits and tests that measure how secure a business’s systems are. We can point our clients to a wide network of contacts who can provide the audits they need to become PCI certified.
We know how to help clients at all stages of their PCI journey, from just starting out to achieving the highest levels. To learn more about how we’ve used our PCI expertise, have a read of our customer story here to discover how we helped Construction Materials Online achieve PCI Level 1 compliance.
Or, if you’re ready to chat with our expert team, you can contact us here.