PCI Compliant Yet? - Time is running out!
What is the PCI-DSS (Payment Card Industry Data Security Standard)?
As taken from the official PCI website -
"The PCI Data Security Standard represents a common set of industry
tools and measurements to help ensure the safe handling of sensitive
information. Initially created by aligning Visa's Account Information
Security (AIS)/Cardholder Information Security (CISP) programs with
MasterCard's Site Data Protection (SDP) program, the standard provides
an actionable framework for developing a robust account data security
process - including preventing, detecting and reacting to security
incidents. The updated version, version 1.1, developed by the founding
members of the PCI Security Standards Council, became effective with the
launch of the PCI Security Standards Council."
In layman's terms, it is a set of security checks that affects all
companies taking card transactions over the internet. The procedure is
in place to provide a more secure environment in which to process card
transactions. All of the major banks and card issuers are enforcing it,
sometimes with potential financial penalties for companies that do not
pass the security checks within a certain timeframe.
How does this affect Roeville WebRes customers?
Most, if not all, of our customers using WebRes have already been asked
to pass PCI compliance tests by their banks. In most companies this
involves a letter from their bank asking for a PCI certificate of
compliance for their company. Some banks have also been recommending 3rd
party IT companies to help you with this. Before signing up to a 3rd
party service it would be worth your while speaking to us first.
For 99% of our customers, a PCI certificate of compliance can be
gained through us very easily and quickly.
Gaining PCI compliance status requires two areas to be completed.
The 1st is in relation to your WebRes website. Your website
needs to be scanned at least every 90 days to make sure it passes the
PCI Security and Vulnerability checks. Thanks to modifications we’ve
already made within WebRes, WebRes sites have been passing PCI
compliance for a number of months now. This doesn’t mean that your site
would pass a PCI check right away though. All of our WebRes sites are
different in design and functionality and so each site has to be treated
as an individual and may require specific work on the site to have it
pass the PCI check.
The 2nd is an annual questionnaire covering your company's IT as a
whole, which needs to be completed by yourselves and your IT support
company. Together, both of these completed actions allow us to create a
PCI certificate of compliance for your company. There are different
levels of questionnaire depending on how your company processes
transactions. Most of our customers fall into a "Type C" questionnaire.
Example questions may ask about anti-virus software on your network or
what policies your company has in place to deal with the storage of
card numbers, etc. You will probably require help from whoever looks
after your IT to complete some of the more technical questions, along
with our help too.
What are the costs?
Roeville charges a one-off fee of £50 to set up an account for PCI and
an annual charge of £200. For this we help you to pass both of the above
procedures and provide a PCI compliance certificate for your website and
an overall PCI compliance certificate for your company. It also covers
any modifications we may need to make to your WebRes site in order for
it to pass the PCI checks.