PCI DSS – Payment Card Industry Data Security Standard in the UK

Old No Comments on PCI DSS – Payment Card Industry Data Security Standard in the UK 19

For the IT professional, PCI compliance here in the UK can take many forms depending on how you process credit card details.

If you business basically operates as a high street shop and you process credit/debit cards via a PDQ terminal over a PSTN/ADSL phone line then you really have no issues other than having to complete an annual  Self – Assessment Questionnaire from your Merchant bank or Service Provider.

At the other end of the scale, if you process credit cards online and store details on your servers or servers you have a legal responsibility for then you may be in for additional work.

The PCI Security Standards Council has drawn up a number of categories depending on your  card processing and storage.

If you record Card details on an application or systems then you will have to prove compliance. Compliance testing is carried out by a number of approved companies, in my case this was Security Metrics who carry out 6 -12 month penetration testing on your network/firewall to expose open ports and services that are deemed a risk. Each risk found add points, if you accrue more points than a given threshold then you will be deemed non-compliant. The test results then allow you go to back and make the necessary changes to your network and re-test. If you then pass the test the results info is passed back to your Merchant Bank who mark you off as compliant.

If you choose to ignore PCI DSS compliance your service provider may increase the handling percentage rate and any fraudulent transactions will be at your risk not your card companies.

Ignore or falsify at your peril – they’ll get you in the end or you’ll pay a heavy price.

On a positive, when you do comply you at least know you have some form of increased security and the process may be the trigger to upgrade that old firewall, but do not allow a shiny compliance certificate let you believe your safe, your just a little safer than before.

Checkout  – https://www.pcisecuritystandards.org/index.php

 

 

 

Author

John R

John Reidy is an IT Manager for a Transport & Logistics Group of Companies in the UK. John’s background is in Network support and design for the Ministry of Defence, commercial premises, Ports and Sea going vessels serving the European Ferry industry. A BICSI trained and qualified Technician and promoter of the methodology for optimised best of breed information transport systems he designs LAN/WAN solutions together with hosted and on premise Telephony PBX solutions. John currently supports 190 users over 8 companies throughout the UK and Middle East supporting all aspects of the business associated technology and infrastructure on a 24/7 basis.

Related Articles

Leave a comment

Back to Top