If you accept card payments from your customers, the PCI DSS rule set applies to you and to every party you bring into the process, from software developers to payment processors. Bear in mind that every entity involved must scope its cardholder data environment (CDE), which means identifying all system components located within it or connected to it. Managing PCI compliance throughout the year usually involves several teams and departments within a company, so proactive and collaborative behaviour is key to ensuring that a business keeps adhering to the standard.
9 million card records were breached between 2005 and 2018*. For a company, the possible consequences of a data breach are legal action, damage to the business's reputation and heavy fines, which range from $5,000 to $100,000 per month for the non-compliant company.
According to the PCI Security Standards Council, “Merely using a third-party company does not exclude a company from PCI DSS compliance. It may cut down on their risk exposure and consequently reduce the effort to validate compliance. However, it does not mean they can ignore the PCI DSS”. Judopay will help, but it can’t make you compliant.
There are three actions every company handling cardholder data should constantly perform:
In addition to this, Judopay is always ready to support its merchants with PCI guidance, compliance advice, best-practice recommendations and regulation updates.
Evidence of compliance on the merchant’s side is provided in various ways according to how payments are taken and the volume of transactions per annum.
There are 9 different Self-Assessment Questionnaires designed by the PCI Security Standards Council for merchants that process no more than 6 million transactions annually.
The Self-Assessment Questionnaire includes a series of yes or no questions for each applicable PCI Data Security Standard requirement. Please find an explanatory guide below:
Specific questions about compliance validation levels and what merchants must do to validate should be directed to the acquiring financial institution or payment card brand. Links to card brand compliance programs include:
The Payment Card Industry Data Security Standard (PCI DSS) is a set of technical and operational security requirements that help merchants protect customer card data.
Visa, Mastercard, American Express, Discover and JCB are the payment brand members of the Payment Card Industry Security Standards Council (PCI SSC).
Before 2006, each of these companies ran its own security standards program; these were unified into one global standard, the PCI DSS.
The PCI DSS requirements apply to all entities involved in any way in payment card processing, with the aim of reducing monetary losses for companies and consumers and protecting consumers from identity theft.
The Standard – https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2.pdf
Supporting Documents – https://www.pcisecuritystandards.org/document_library
Glossary – https://www.pcisecuritystandards.org/documents/PCI_DSS_Glossary_v3-2.pdf
PCI Security Standards Council Website – https://www.pcisecuritystandards.org/
FAQs – www.pcisecuritystandards.org/faqs
PCI DSS Blog – https://blog.pcisecuritystandards.org/
*According to the Privacy Rights Clearinghouse: https://www.privacyrights.org/data-breaches