Are You Up To Speed With PCI DSS?



Released on: September 23, 2011, 3:41 pm
Author: Zara Camble
Industry: Financial

It’s crucial that businesses keep on top of compliance, particularly with a range of updates being made to PCI DSS requirements. Tim Allitt, Head of Sales & Marketing at SecureTrading, takes you through what your organisation needs to consider.

Many organisations have taken significant steps to achieve PCI compliance and believe their current infrastructures would pass assessments. Now that the PCI Security Council has released version 2.0 of the PCI Data Security Standard and Payment Application Standard, it is vital that retailers understand what this means for their day-to-day business.

The Payment Card Industry Security Standards Council (PCI SSC) recently updated its compliance guidance. Many retailers were hoping the update would give a clear way forward in terms of their PCI DSS compliance.

The guidance covered two areas. Firstly, the guidance concludes that EMV (Europay, MasterCard and VISA, more commonly referred to as chip and pin) does not address PCI DSS and therefore the two need to coexist. The SSC is supporting EMV but is still not insisting that EMV become the global standard. This means UK merchants are put at risk every time they want to accept payment on cards which are not EMV smartcards, and UK card holders are put at risk because their stolen data can be used on cloned cards outside of the UK, where swipe is still the default standard.

Secondly, with regard to Point To Point Encryption (P2PE), the SSC states that the technology is at an ‘immature’ stage. The reality, however, is that there are solutions in the market today which fit the P2PE definition and which are PCI DSS certified.

The responsibility of managing data is one issue that won’t disappear for retailers, and they may want to consider outsourcing the management of payments to a third party. Cost is a big concern to a retailer, and if a business outsources to a secure managed service from a Level 1 PCI DSS certified payment solution provider, it will be able to have a fixed cost for this managed service. If they choose to outsource these costs they could potentially spiral out of control. According to a survey by Cisco, 67 per cent of IT decision makers think that their spending on PCI compliance will increase in the next year.

Therefore it makes sense for a retailer to select a payment processor suited to its needs and outsource its PCI requirements. Not only will this make integration easy and provide excellent technical support, it will also give the merchant the ability to offer all the payment methods a customer might have in their wallet or purse, and thereby enable businesses to process payments swiftly and securely. The best payment processors will have a range of products to suit start-ups, SMEs and large corporate organisations.

The harsh reality remains that the onus is on retailers of all sizes to comply with the PCI DSS regulations, and it is retailers who face the cost of non-compliance (in terms of heavy fines and withdrawal of card acceptance services) – not their suppliers. Payment service providers can help you with your online business, but you should also ensure that your offline procedures are compliant. Your acquiring bank will be able to help you ensure your offline compliance, while SecureTrading can advise on online requirements.

Working with an expert who has gone through the compliance process themselves, and on a fixed fee basis, could help retailers reduce costs to a minimum and not jeopardise their long term business plans or customer data.

About SecureTrading
SecureTrading is the UK's leading independent payment processor, providing online payment processing for all types of businesses via the most reliable and secure internet payment gateway. Founded in 1997, the company’s fast, reliable and professional online card payment services enable its customers to accept credit cards, debit cards and other payment methods such as PayPal and Ukash online.

SecureTrading also offers the most comprehensive suite of counter-fraud services available. From its core services of 3-D Secure, CVV2 and AVS to SecureTrading Fraud Score, which enables IP checking, and SecureTrading Identity Check, which enables full KYC checks, the company significantly reduces the threat of online fraud to businesses.

For businesses looking to expand internationally, SecureTrading offers a Virtual terminal and supports Dynamic Currency Conversion as well as European payment systems including ELV, iDeal, Sofortüberweisung and Giropay.


Fieldworks Marketing:
Zara Camble
Tel: + 44 (0) 1435 873080

Contact Details: Sundridge Park Manor
Willoughby Lane