PCI DSS Compliance

Secure card payments

The Payment Card Industry Data Security Standard (PCI DSS) was set up to ensure businesses process card payments securely.  The standard protects cardholder data by implementing thorough controls around how cardholder data is stored, transmitted and processed.

Who is PCI DSS compliance for?

  • Every business and organisation that stores, transmits or processes cardholder data needs to be compliant with PCI DSS.
  • There are differing requirements, depending on your payment card environment, scope and the number of transactions your business carries out.
  • It's worth noting that if you suffer a data breach and you aren't PCI compliant, you may be subject to fines and liable for the fraud losses incurred against the card data lost.

Why be PCI DSS compliant?

  • Whether you store, process or transmit card details - PCI compliance is mandatory
  • Be confident that you are handling credit card payments in a compliant way, and promote trust with your customers
  • You may be liable for non-compliance fines if you fail to submit your annual PCI DSS compliance attestation
  • If you suffer a data breach while you are not compliant with PCI DSS, you could be subjected to card breach fines, ICO fines, reputational damage and possible legal action

How does it work?

  • We start by assessing your situation to determine the scope and what level you need to be reporting at. Then, we conduct a gap analysis, looking at what you already have in place against the requirements, so we can determine additional measures that need to be implemented to achieve compliance.
  • We will advise and assist with any remediation work needed to meet the standard.
  • Finally, we will carry out your assessment and complete the necessary reports and questionnaires as required.

Pricing

The cost of PCI engagement will depend on scope which includes a number of different scenarios for example : number of transactions, type of transactions (e.g. face to face, ecommerce), payment environment etc