PCI DSS stands for one of the world’s most important e-commerce standards, the Payment Card Industry Data Security Standard.
Administered by the PCI Security Standards Council (PCI SSC) and founded back in 2006 by MasterCard, Discover, Amex, Visa and JCB International, the world’s five largest credit card providers, this standard aims to ensure that any company that stores, processes or transmits cardholder data complies with the rigorous security measures required.
Although the law does not require PCI DSS certification, banking regulations do contemplate high penalties for cases in which any company or organization fails to comply with the measures contemplated in this standard and a breach occurs that results in the loss or theft of user data. In addition to the penalties, some known cases already amounting to 300,000 euros, the bank is obliged to withdraw all the POS terminals from the company or organization from which the data theft originated, and therefore favored the commission of the fraud in question.
It is not very coherent, but from this regulation it is understood that the authorities presume that any company must be sufficiently responsible with the processing of its users’ card data so that it is not necessary to oblige by law to comply with the measures contemplated in the PCI DSS standard, although it is essential to do so for three reasons:
- Because by adopting the measures contained in the PCI DSS standard, any company will avoid heavy fines as a result of any type of breach of the payment card data it handles and will not see the possibility of continuing to charge by credit card discontinued.
- Because users will value positively that the company has a PCI DSS certification, a factor that can make a difference in a highly competitive market.
- Because more and more companies are deciding to rely only on suppliers, partners or customers who have PCI DSS certification, in order to clean up their connections as much as possible and avoid potential liabilities.
- When bank card data is “stolen” in the course of a company’s commercial operations, not only are PCI DSS regulations not being complied with, but there could also be serious consequences derived from the security regulations required by the Organic Law on Data Protection (LOPD).
How is PCI DSS certification obtained?
Extensive information on PCI DSS compliance can be found on the PCI Council website and the PCI Council Quick Reference Guide. Subsequently, regarding the compliance requirements that apply to your particular business, the PCI Council directs merchants to verify these requirements directly with the card brands.
What are the PCI DSS requirements?
Because the PCI DSS is a particularly comprehensive security standard, it is composed of 12 general requirements that have been designed with the objective of:
- Building and maintaining a secure network
- Implement strong access control measures
- Protecting the data of payment cardholders
- Regular monitoring and testing of networks
- Ensure maintenance of vulnerability management software.
- Ensure maintenance of information security policies.
In practice, and for obvious reasons, your company will require a team of professionals specialized in security management procedures and policies, network architecture, software design and other associated protection measures.
How can PAYbyCALL help you achieve PCI DSS certification for your company?
PAYbyCALL is a credit card payment solution that allows any merchant to capture, manage and transmit customer card data in compliance with all the measures recommended by the PCI DSS standard.
Thanks to the fact that the automated PAYbyCALL system is in charge of charging the card without the need to register or store the customer’s card data, your company will not be responsible in any case for a potential loss or theft of your users’ card data, since it has never captured or managed them.
Find out how we can help you. Contact our team and we will advise you on any questions you may have, without obligation.