What is PCI DSS?

Security of payment card data is crucial in the online world. The standard to protect card data is the Payment Card Industry Data Security Standard (PCI DSS). This is a joint venture between Visa and Mastercard, supported by all banks. Compliance with this standard is compulsory for all merchants who accept payment cards. You must be PCI DSS compliant if you handle, process or store payment card details, either on computer or on paper.

There are severe penalties if card information is compromised as a result of non-conformance with PCI DSS. As part of your agreement with your acquirer, you agree to these penalties.

You can become PCI DSS compliant in one of two ways.

Firstly, you can become compliant yourself. In practice, this is rather complicated, difficult and expensive. Requirements include physically restricting access to cardholder data; using non-Windows-standard security measures; and defining, implementing and monitoring security procedures that meet specific required standards. For the majority of small businesses, achieving compliance will probably not be practical or cost-effective.

Alternatively, you can have your customers and staff enter card details only into sites and systems supplied by a third party that is itself PCI DSS compliant.

Even if your buyer enters their payment details into a page at your web site and it passes them to a PCI DSS compliant PSP, your web site must still be fully PCI DSS compliant, as you are collecting the card details and passing them on. This is because any compromise of your web site would lead to a rogue third party being able to acquire the card details.