PCI Compliance

Below you will find some basic information on what PCI is and how it came about; feel free to have a read and get yourself up to speed. There are a lot of myths surrounding PCI compliance, and the PCI Security Standards Council provides a plethora of services, agents and information to get you on the right track. Apart from a bit of free basic information, almost everything is chargeable, unfortunately, and designed to empty your pockets and wrap you up in expensive contracts. As you may have gathered, we here at Saxon Websites™ are not fans of the council or its forced standards, simply because we believe in a free web and it is our opinion that the banks have muscled in and forced their fees upon small businesses without actually giving anything away themselves - most of what they insist upon was standard practice for good developers well before they appeared on the scene.

The Standards Council has implemented employee training programmes and provides lists of qualified security assessors, and its reach extends far beyond your company website. The latest recommendations by Visa include employee background checks and the like, all designed to scare you into using their sanctioned services and partner companies. Don't despair just yet though; there is light at the end of the tunnel. There are ways of severely limiting your business's exposure to the responsibilities and obligations dictated by the Standards - and we can show you how. Utilising a third-party payment gateway, for example, is one of many ways in which we can cut through the red tape for you: when card details are entered on the gateway's hosted payment page and never touch your own servers, the scope of what you must assess shrinks to the shortest self-assessment questionnaire (SAQ A), although it does not disappear entirely - the pages on your site that hand customers off to the gateway remain in scope, because an attacker who can alter them can redirect card data elsewhere. We have gained compliance for numerous businesses without their having to buy in to the whole PCI package or compromise security in any way ... we understand the processes involved and can save you a lot of money.


PCI Compliance - Brief Explanation

Payment Card Industry Security Standards Council (PCI SSC)

In September 2006 American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc came together and founded the Payment Card Industry Security Standards Council (PCI SSC). The council took over a set of requirements the card brands had first published in December 2004, allegedly designed to ensure that ALL companies that process, store or transmit credit card information - not only online businesses - maintain a secure environment, and released it that same month as version 1.1 of what is known today as the Payment Card Industry Data Security Standard (PCI DSS). Whether you believe the banks were indeed trying to create a more secure transactional environment, or believe, as many do, that it was a blatant attempt to gain additional revenue from internet sales, they appear to have achieved their goals. The standard that they have forced upon merchants has taken hold and is here to stay, meaning that to trade effectively on the internet you are required to pay their fees and abide by their rules and regulations.

Accepting credit cards on the internet means that your merchant agreement requires you to be PCI compliant

Becoming PCI compliant does not, however, make you any less responsible should the data that you have acquired fall into the wrong hands. Although the council insists that you meet its standards, and you are charged for this in several different ways (albeit indirectly), the council itself accepts no responsibility whatsoever. Please note that definitions of the term 'Bank Robbery' vary depending on who you speak to.

PCI Compliance - Heavy Penalties

The website from which the Security Standards Council operates and administers its policies (www.pcisecuritystandards.org) states: 'Any fines and/or penalties associated with non-compliance with the PCI DSS and/or confirmed security breaches are defined by each of the payment card brands - For more specific information, please contact the individual payment card brands.' The figures involved are not published centrally, but they are widely understood to be large enough to crucify a small business.

Ensure your website developer is conversant with PCI compliance requirements

One reputable source (www.pcicomplianceguide.org) gives some details: 'The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business. It is important to be familiar with your merchant account agreement, which should outline your exposure.' In conclusion, it is safe to say that making sure your website designer has a good awareness of PCI compliance and its implementation is of paramount importance - you, the owner, could be liable for a hefty fine if your website is not up to scratch.



Basic steps towards PCI compliance

Diagram illustrating basic steps towards PCI compliance

Above is a diagram showing the rudimentary steps that your company will need to go through in order to validate compliance with the PCI Data Security Standard - for most small merchants this means completing the appropriate Self-Assessment Questionnaire and Attestation of Compliance and submitting them to your acquiring bank, rather than receiving a certificate from the council itself. Saxon Websites™ has experience in this field and will help you through the minefield of red tape, so don't worry - our websites are built with this validation in mind.
