 PCI Compliance 

PCI Compliant Yet? - Time is running out!

 

What is the PCI-DSS (Payment Card Industry Data Security Standard)?

 

As taken from the official PCI website - www.pcisecuritystandards.org

"The PCI Data Security Standard represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information. Initially created by aligning Visa's Account Information Security (AIS)/Cardholder Information Security (CISP) programs with MasterCard's Site Data Protection (SDP) program, the standard provides an actionable framework for developing a robust account data security process - including preventing, detecting and reacting to security incidents. The updated version, version 1.1, developed by the founding members of the PCI Security Standards Council, became effective with the launch of the PCI Security Standards Council."

 

In layman’s terms it’s basically a set of security checks that affects all companies taking transactions over the internet. The procedure is in place to allow a more secure environment in which to process card transactions. All of the major banks/card issuers are enforcing this, sometimes with potential financial penalties for companies that don't pass the security checks within a certain timeframe.

 

How does this affect Roeville WebRes customers?

Most, if not all, of our customers using WebRes have already been asked to pass PCI compliance tests by their banks. In most companies this involves a letter from their bank asking for a PCI certificate of compliance for their company. Some banks have also been recommending 3rd party IT companies to help you with this. Before signing up to a 3rd party service it would be worth your while speaking to us first.

 

For 99% of our companies your PCI certificate of compliance can be gained through us very easily and quickly.

 

Gaining PCI status requires 2 areas to be completed.

 

The 1st is in relation to your WebRes website. Your website needs to be scanned at least every 90 days to make sure it passes the PCI Security and Vulnerability checks. Thanks to modifications we’ve already made within WebRes, WebRes sites have been passing PCI compliance for a number of months now. This doesn’t mean that your site would pass a PCI check right away, though. All of our WebRes sites are different in design and functionality, so each site has to be treated individually and may require specific work to have it pass the PCI check.

 

The 2nd is an annual questionnaire based on your company IT as a whole that needs to be completed by yourselves and your IT support company. Together, these two completed actions allow us to create a PCI certificate of compliance for your company. There are different levels of questionnaire depending on how your company processes transactions. Most of our customers fall into a "Type C" questionnaire. Example questions may ask you about anti-virus software on your network or what policies your company has in place to deal with the storage of card numbers, etc. You will probably require help from whoever looks after your IT to complete some of the more technical questions, along with our help too.

 

What are the costs? 

Roeville charges a one-off fee of £50 to set up an account for PCI and an annual charge of £200. For this we help you to pass both of the above procedures and provide a PCI Compliance certificate for your website (example here) and an overall PCI compliance certificate for your company. It also covers any modifications we may need to make to your WebRes site in order for it to gain a pass on PCI checks.