in under 1-Min!
Merchant services: What is PCI DSS and why is it important to my business?
PCI DSS stands for the Payment Card Industry Data Security Standard, and every retailer using EPOS solutions needs to be aware of what PCI DSS entails.
Seeking to prevent fraud across the retail industry
PCI DSS is so important because major card providers Visa and Mastercard both insist that electronic retailers follow its standards. Because it sets out to ensure that users of electronic payment systems are protected from data breaches and other security problems, complying with PCI DSS should be a no-brainer for anyone adoption EPOS.
Tightening every link in the payments chain
When applying PCI DSS standards, retailers need to look at every point along the payment chain where customers' vital information could be lost to fraudsters. One obvious point is the card reader itself. The encoded numbers held on the credit or debit card can be read out onto other cards and used by fraudsters, so retailers are required to take certain steps to make sure that their readers cannot do this. Vital information could include the expiration date of the card, its Primary Account Number and the security code (on the back of the card).
Think about how PCI DSS relates to staff and network security
However, PCI DSS is not all about the card reader. Retailers are also asked to look at the security of physical data (such as papers) and the security of their online databases as well. Wireless routers have been highlighted by PCI DSS as one area of particular concern. Another area of vulnerability is staff training, and PCI DSS recommends that all staff are trained to prevent fraud. The general idea is that private credit or debit card data should be protected at all times.
Compliance with PCI DSS should be stress free
Learning about what PCI DSS requires is not difficult. Merchants can complete a simple questionnaire laying out each area of compliance. A list of approved card payment readers is also provided in the PCI DSS website, and useful guidelines are made very clear. For example, it is recommended that firms never store customer's payment details on paper, and that any wireless routers are firmly secured via encryption with strong passwords. To prove that they are compliant, firms then have to make a brief report to banks and credit card companies. It shouldn't be too painful, and can save a lot of trouble along the line.
Not complying with PCI DSS can lead to criminal prosecutions and bankruptcy. After all, customers take a dim view of firms which provide their personal details to fraudsters. So any firm installing EPOS systems should ensure that they are PCI DSS compliant as soon as possible.
More information on Merchant services
Discover the buying guide for Merchant services
Getting the right card payment terminal – and getting it right
Merchant accounts for small businesses: a quick market review
PDQ machines glossary
Points to watch when selecting an online payment gateway
Necessary documentation to open a gateway account
Are PDQ terminals created equal?
Credit Card Security for your Business
Merchant accounts: packaged solutions for the new generation of commerce
What’s the difference between a payment gateway and a merchant account?
Choosing the right electronic payment terminal
Card terminals: 5 questions for your merchant bank
Fighting credit card fraud