Payment Card Industry Data Security Standard (PCI-DSS)
Compliance Will Soon Be Mandatory

You should act now to protect your clients and yourself. Adherence to the Payment Card Industry Data Security Standard (PCI-DSS) is a statutory requirement. The onus is on you to comply. Failure to do so may result in substantial penalties, expensive litigation and loss of consumer trust.

If you are part of the management team of an organisation that processes, transmits and/or stores payment card data, you are liable to ensure that your payment solution is PCI-DSS compliant. Regardless of whether you process transactions electronically, via a third party, over the phone or over the counter, the security of any debit or credit card you handle is paramount. Should that data be stolen, in part or in full, or otherwise used in a fraudulent manner while in your care, you may be faced with service and/or financial penalties from your acquirer and be required to undertake a full forensic investigation at your expense.

That alone should have the alarm bells ringing loudly. Subsequent to any initial monetary loss, consider what a breach in payment card security could mean in the long term. Ongoing client confidence and trust could be jeopardised, your organisation’s reputation could suffer - as could your ability to generate sales and attract new customers down the track.

Thus there is a very real need to comply ASAP by utilizing a PCI-DSS solution designed to improve security and reduce the overall risk your company could face in the event of theft or fraud.

Assistance for the Fitness and Leisure industry.

Fitness centres, gymnasiums, swimming schools and other sporting clubs are very susceptible to risk, as so much of their business is conducted through direct debit and payment card facilities. Fraudulent activity has already been detected within this industry, so you are strongly advised NOT to wait until PCI-DSS Compliance is mandatory. You should seek a payment processing solution that is already PCI DSS compliant, such as LinksPay, which incorporates technologies such as ‘Card Vault’ secure storage and full integration with Links software.

There are two standards that you must be aware of when handling credit card payments:

PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organised:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

Payment Data Security Standard (PA DSS)

PA-DSS is the Council-managed program formerly under the supervision of the Visa Inc. program known as the Payment Application Best Practices (PABP). The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited card data, and ensure their payment applications support compliance with the PCI DSS.

Payment applications that are sold, distributed or licensed to third parties are subject to the PA-DSS requirements. In-house payment applications developed by merchants or service providers that are not sold to a third party are not subject to the PA-DSS requirements, but must still be secured in accordance with the PCI DSS.
