As a Qualified Security Assessor Company and a pioneer in the field of cloud-based internet security, Prevx is ideally placed to understand the threats faced by your company and the steps necessary to ensure you remain compliant with the PCI-DSS.

We offer the complete range of compliance services, from full onsite QSA audits for larger organisations to helping small businesses complete their Self-Assessment Questionnaire (SAQ).

If you store, transmit or process credit card data, you must comply with the PCI-DSS.

WHAT IS PCI-DSS?

The Payment Card Industry Data Security Standard, or PCI-DSS, is a standard developed and maintained by the PCI Security Standards Council. The Council was formed by the major card brands (VISA, Mastercard, American Express, Discover and JCB), and the standard is an industry-wide obligation designed to ensure that merchants, processors and service providers maintain a consistent level of security in the fight against payment card fraud.

The PCI-DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. It also provides a framework for preventing, detecting and responding to security incidents, and helps ensure that your business has security awareness at its core.

Still confused by PCI-DSS?

If you have any further questions, or would like to discuss your compliance needs, please don't hesitate to contact us.

WHO NEEDS TO COMPLY?

If your organisation stores, transmits or processes credit card information, you must demonstrate your compliance with the PCI-DSS. This applies to both electronic and manual (paper-based) business practices and processes.

Compliance doesn't stop with you, either. Every third party that has a direct or indirect connection to the cardholder data you possess must also demonstrate its own compliance. Even if you haven't yet started down the path to compliance, it's likely that you have been, or will soon be, contacted by an upstream or downstream partner about it.

WHAT IS INVOLVED IN COMPLIANCE?

The steps necessary to achieve compliance depend primarily on the number of card transactions you process annually (which determines your merchant level) and the channels through which you accept payments (which determine the validation route that applies to you). We're happy to help you identify your own compliance requirements, but you could also do this by talking directly with your acquiring bank. Once you've identified what is involved, our in-house QSAs are available to help set realistic expectations with you on timescales and potential business impact.

WHAT HAPPENS IF I DON'T COMPLY?

The PCI Security Standards Council itself has no power to impose sanctions on a business or organisation; this is done directly by the individual card brands (for example VISA). In the event of a data breach, the card brands fine the acquiring banks directly, and where a merchant is deemed to be non-compliant these fines can, at the discretion of the acquirer, be passed straight on to you. At the very least, your acquirer may increase your merchant processing fees or terminate your service entirely.

Clearly, the risks to the long-term livelihood of a business are much greater than the fines themselves. Loss of consumer confidence, a drop in share value, exposure to legal action and an increased level of scrutiny from regulatory authorities are just some of the issues a breached company faces.

In a recent survey, 83% of small businesses were aware of the requirements of the PCI-DSS; however, only 62% said they were actually compliant.

HOW MUCH COULD THE FINES BE?

An estimate of the potential costs is as follows. For a minor breach involving 10,000 cardholder accounts, a merchant should expect fines of £4 per card, investigation costs of £25,000, average fraud losses of £900 per card, card replacement costs of £15 per card and £25 per card in chargeback fees. For what is a fairly small compromise of 10,000 cards, that comes to roughly £9.5 million (£944 per card across 10,000 cards, plus the £25,000 investigation cost).

WHAT ARE THE BENEFITS OF COMPLIANCE TO MY BUSINESS?

Beyond minimising the risk of fines from your acquirer, the benefits to your business are manifold. Being able to show your customers that you have taken all the steps necessary to protect their data whilst it is in your possession can help differentiate you from your competitors. Many of the steps necessary for compliance also improve your internal procedures and streamline day-to-day operations. Making security and consistency a primary business goal will only help to ensure you can weather any storm heading your way.

WHAT DO I DO NEXT?

Whatever your level of compliance requirements, our QSAs can help you achieve compliance in a logical, practical and, above all, financially viable manner. We do not see compliance as the end of the road; rather, the processes and safeguards put in place should go above and beyond what is necessary today, so that they continue to secure your business tomorrow. For further assistance, or for details of how we can help with your compliance needs, please get in touch.