What do you know about PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognised information security standard for organisations that store, process or transmit cardholder information. It was created in 2004 with the collaboration of five major international credit card companies to improve controls around cardholder data for the purposes of reducing credit card fraud.
If you’re a small business owner, it’s important that you understand what the compliance issues are around this security standard, and how these will help you protect your customer information – and ultimately your own business.
The fact is that small to medium enterprises in this country that do not take into account the requirements of the PCI DSS are leaving themselves open to potential data security attacks.
Level 4 businesses – those that process less than 20,000 credit card transactions per year – are considered prime targets for hackers because at the moment they are permitted to perform self-assessments. Because the businesses that fall into the Level 2 – 4 categories may not use an external assessor, they are naturally more vulnerable.
What does PCI DSS mean for your business?
Smaller businesses clearly need to be able to process credit card data. Consequently, they tend to store this credit card data unnecessarily. At the same time, they may not be in a position to ensure the security of this data by undertaking the compliance process themselves, due to the costs and complexity involved.
Debitsuccess recently gained Level 1 compliance with the PCI DSS. Although we do not currently process the number of credit and debit card transactions that would mandate an external assessment to accredit the company as being Level 1 PCI DSS compliant, we have done so to protect the organisations with whom we work.
Debitsuccess handles billing for more than 1,200 businesses, making us one of the largest full-service direct debit initiators in Australasia, so we take our data security very seriously. We are now one of just a few companies in New Zealand to meet the latest version 2.0 requirements of the PCI DSS.
While there is a significant amount of work undertaken prior to the assessment, compliance is an ongoing process involving constant vigilance beyond the time of the assessment.
As well as reinforcing our staff’s awareness of the importance of PCI DSS compliance for the business, we have also initiated monthly tests of our systems to ensure that they are watertight in terms of compliance with the Level 1 accreditation.
As more Kiwi merchants move their operations into the e-commerce arena, compliance with PCI DSS will become increasingly vital in protecting their customer data and their business.
If you would like more information about what PCI DSS compliance will mean for your business, and how Debitsuccess can help your business with PCI DSS compliant billing solutions, get in touch through our website: www.debitsuccess.co.nz/contact/