Are You Up To Speed With PCI DSS?
Released on: September 23, 2011, 3:41 pm
It’s crucial that businesses keep on top of compliance,
particularly with a range of updates being made to PCI DSS
requirements. Tim Allitt, Head of Sales & Marketing at SecureTrading,
takes you through what your organisation needs to consider.
Many organisations have taken significant steps to achieve PCI compliance and
believe their current infrastructures would pass assessments. Now that the PCI
Security Council has released version 2.0 of the PCI Data Security Standard and
Payment Application Standard, it is vital that retailers understand what this means
for their day-to-day business.
The Payment Card Industry Security Standards Council (PCI SSC) recently updated its
compliance guidance. Many retailers were hoping the update would give a clear way
forward in terms of their PCI DSS compliance.
The guidance covered two areas. Firstly, the guidance concludes that EMV (Europay,
MasterCard and VISA, more commonly referred to as chip and PIN) does not
address PCI DSS and therefore the two need to coexist. The SSC is supporting EMV
but it is still not insisting that EMV become the global standard. This means UK
merchants are put at risk every time they want to accept payment on cards which are
not EMV smartcards, and UK card holders are put at risk because their stolen data
can be used on cloned cards outside of the UK where swipe is still the default
Secondly, with regard to Point To Point Encryption (P2PE), the SSC states that the
technology is at an ‘immature’ stage. The reality, however, is that there are
solutions in the market today which fit the P2PE definition and which are PCI DSS
The responsibility of managing data is one issue that won’t disappear for retailers
and they may want to consider outsourcing the management of payments to a third
party. Cost is a big concern to a retailer, and a business that outsources to a secure
managed service from a Level 1 PCI DSS certified payment solution
provider will be able to have a fixed cost for this managed service. If they
choose not to outsource, these costs could potentially spiral out of control.
According to a survey by Cisco, 67 per cent of IT decision makers think that their
spending on PCI compliance will increase in the next year.
Therefore it makes sense for a business to select a payment processor suited to
its needs and outsource its PCI requirements. Not only will this make
integration easy and provide excellent technical support, it will also offer the
merchant the ability to offer all the payment methods a customer might have in their
wallet or purse and thereby enable businesses to process payments swiftly and
securely. The best payment processors will have a range of products to suit
start-ups, SMEs and large corporate organisations.
The harsh reality remains that the onus is on retailers of all sizes to comply with
the PCI DSS regulations and it is retailers who face the cost of non-compliance (in
terms of heavy fines and withdrawal of card acceptance services) – not their
suppliers. Payment service providers can help you with your online business, but you
should also ensure that your offline procedures are compliant. Your acquiring bank
will be able to help you ensure your offline compliance, while SecureTrading can
advise on online requirements.
Working with an expert who has gone through the compliance process themselves, on
a fixed fee basis, could help retailers reduce costs to a minimum and not jeopardise their
long term business plans or customer data.
SecureTrading is the UK's leading independent payment processor, providing online payment processing for all types of businesses via the most reliable and secure internet payment gateway. Founded in 1997, the company’s fast, reliable and professional online
card payment services enable its customers to accept credit cards, debit cards and
other payment methods such as PayPal and Ukash online.
SecureTrading also offers the most comprehensive suite of counter-fraud services
available. From its core services of 3-D Secure, CVV2 and AVS to SecureTrading Fraud
Score, which enables IP checking, and SecureTrading Identity Check, which enables full KYC
checks, the company significantly reduces the threat of online fraud to businesses.
For businesses looking to expand internationally, SecureTrading offers Virtual terminal and
supports Dynamic Currency Conversion as well as European payment systems including
ELV, iDeal, Sofortüberweisung and Giropay.
For more information visit www.securetrading.com
Follow SecureTrading on Flickr http://flickr.com/photos/SecureTrading, Facebook http://facebook.com/SecureTrading, Twitter http://twitter.com/SecureTrading and
Tel: + 44 (0) 1435 873080
Contact Details: Sundridge Park Manor