PCI DSS may sound like just a load of letters, but it is an important issue for your small business if you process credit cards. Neil Lathwood, IT Director at global hosting provider UKFast, explains some simple steps so you can check that you are meeting the right requirements. Small merchants with fewer than 20,000 transactions per year represent two-thirds of all Visa payments and could face penalties if they don't embrace the PCI compliance standard.
PCI DSS, created by Visa, MasterCard, American Express and others, helps to prevent credit card fraud by placing controls around cardholder data. It applies to all organisations that hold, process, or exchange cardholder information.
The card companies can now levy fines on merchants who can't prove they have guarded against credit card fraud in their systems. While the fines are larger for bigger companies, SMBs still face tough penalties, often at the times when they can least afford them.
Thought it might be useful to share that, as a Level 4 merchant (i.e. fewer than 20,000 transactions p.a.), on my bank's (HSBC) suggestion I signed up for Security Metrics to run the PCI compliance testing on my website. https://www.securitymetrics.com/
Only cost £80 or so, which is a LOT less than the fees for larger companies.
It took a bit of to-ing and fro-ing to get through the self-assessment questionnaire, and then to get them to lower the settings around some "security issues" that my support team disagreed with. But it's worked in the end.
The alternative: HSBC say they'll start fining merchants £20 a month if they haven't done the PCI testing.
Go for it. Step by step.
Cally Robson
Founder, She’s Ingenious!
Thank you for a helpful recommendation, Cally.