Confused by PCI DSS compliance? Read this guide for a general overview of what this is and how you can ensure your business is compliant.
PCI DSS (Payment Card Industry Data Security Standard) is a standard set by the PCI Security Standards Council. Its aim is to protect businesses from the consequences of payment card fraud and to improve the security of credit card data.
From large global companies to small businesses, if you are a merchant who accepts card payments online or offline, it is vital that you comply with the requirements set by this standard. Not only will this protect your customers' card data and build trust in your business, it will also protect your business from the effects of payment card fraud. Any merchant accepting payment cards is liable for safeguarding their customers' cardholder details.
This can be daunting; however, there are services offered by payment brands, such as your gateway provider, to help you understand what your business needs to do in order to comply with the standard. Some will guide you through the process, and some will even help you fill out the assessment documentation, which may come at a fee.
The size of your business determines the specific requirements you must meet and the information you will be asked to provide. It is then your payment brand's (or gateway provider's) job to ensure you are compliant, as they themselves are also liable for any fraudulent activity. They are also in charge of any non-compliance penalties.
If you use Create Payments, which is in partnership with Worldpay, you will need to assert your compliance at a low level. This is likely to take the form of the Self-Assessment Questionnaire. See the PCI DSS Self-Assessment PDF for more details on self-assessment.
With Create Payments you will be contacted by Worldpay's SaferPayments team, who will ask you to provide evidence of your compliance; alternatively, you can sign up to their low-cost service and they will help you become certified as PCI DSS compliant. For more information on the SaferPayments programme and asserting your compliance with Create Payments, see our guide on "PCI DSS Compliance With Create Payments".
Please note: If you are using an alternative gateway with your Create account, you will need to speak with your provider about their requirements.
As these payment brands manage and verify each individual merchant's compliance, any requirements should be discussed with the payment processing company you use for your business.
Click the gateway you are using in the list below to be taken to a useful link that will get you started:
Although the PCI Security Standards Council does not enforce PCI compliance itself, it supports merchants in maintaining the standard and offers information and material to help with the process. You can find out more from the Standards Council on how to become compliant.
We would always recommend seeking professional advice when it comes to legislation and legal requirements for your business.