What is PCI DSS?

In over 15 years of handling payments one topic elicits more questions than any other. 

Many of the organisations who contact us are confused by payment security standards and how these apply to their organisation. 

In the first of a blog series, we introduce PCI DSS, its aims and its implementation.



PCI DSS, or the Payment Card Industry Data Security Standard, is a set of standards relating to the handling of sensitive payment data. These are based upon established best practice and cover all environments where payment details are held or handled.


PCI DSS forms one layer of the Payment Card Industry Security Standards, along with further regulations relating to payments hardware and software:

[Figure: PCI DSS with the other PCI security standards. Copyright PCI Security Standards Council]

PCI was developed in the early 2000s in response to the increasing risks represented by technology and the rise of the internet. The standards are overseen by the PCI Security Standards Council, founded in 2006, and are updated regularly in response to new threats and challenges.

The Goals of PCI DSS

[Figure: PCI Council goals. Copyright PCI Security Standards Council]

The council states it “does not manage compliance programs and does not impose any consequences for non-compliance”; however, many, if not all, financial institutions make compliance mandatory for their partners and customers.

Merchants (i.e. those businesses seeking to process payments) are divided into different Tiers/Levels based on their trading profile, etc. The exact definitions vary; however, there are broad similarities.

Contact us to find out how C3’s expertise can help you achieve PCI compliance in a cost-effective manner.