
  • If you take payment online, are you at risk of fraud and liability? PCI DSS explained.

    5th May 2010 in E-commerce, General, Technology, fl1

    PCI DSS is a set of rules created by the PCI Security Standards Council with the intention of protecting credit and debit card data and enhancing awareness of these standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc.

    Many people are confused about this, so we have spent some time going through the documents to unravel it for you. In short, if you are using a credit card terminal or are handling customer credit card details, then you will need to research this further and will probably need either to change the way you accept payments or to become PCI DSS compliant.

    Yes or No! – Do I need to be PCI DSS Compliant?

    My web site stores card details for me to put into my credit card terminal. Do I need to be compliant?

    Yes, you do. If you store, see or handle credit card details, you need to be compliant.

    I use a payment service provider to handle my credit card payments. Do I need my shop to be compliant?

    No, you don’t. If you are using a payment service provider and never see a shopper’s credit card details, you do not need to be compliant.

    To summarise
    If you ever come into contact with a shopper’s credit card details, be it through a terminal or through a web site that stores the data, you DO need to be PCI DSS compliant.

    If you never come into contact with a shopper’s card details and use a third party like PayPal to handle your web site payments, you DO NOT need to be PCI DSS compliant.

    We suggest, and always have suggested, that clients use a third-party payment service provider such as SagePay, as it takes away the headache of PCI DSS compliance.

    For more information visit The PCI Security Standards Council

    Or

    call us on 01727 739812


4 Responses to “If you take payment online, are you at risk of fraud and liability? PCI DSS explained.”

  1. Cleo Maher on May 11th, 2010 at 3:34 pm

     It’s also worth mentioning that PCI standards apply to recorded telephone conversations, so companies who take credit card payments over the phone and who record their calls need to make sure that the call recordings do not store any sensitive credit card data.

     Our company, Veritape, is in the process of launching Veritape CallGuard, a product that will make recorded calls fully PCI compliant. It works either with our own call recording software or with any other call recording system. Especially appealing if a company has invested heavily in an expensive call recording system, only to find that it isn’t PCI compliant!

     See http://www.veritape.com for more information.

  2. 10 Things to consider before trading online: part 1 « FL1 Group Blog on October 7th, 2010 at 12:44 pm

     [...] card information in your business both online and offline. There are standards in place such as Payment Card Industry/Data Security Standard (PCI/DSS). Falling foul of these standards could land you with fines in six figures and end up putting you [...]

  3. 10 Things to consider before trading online: part 2 « FL1 Group Blog on October 8th, 2010 at 12:39 pm

     [...] Legal Obligations As well as an understanding of PCI/DSS, there are Distance Selling Rules which are applicable to trading over the internet. These work in [...]

  4. Sean Coard on January 31st, 2011 at 10:58 pm

     I love your article.
