Thursday 5 December 2013

Give your business and your customers the best Christmas present this year – PCI compliance!

As we all hit the streets, the web and our phones to buy Christmas gifts, we’re possibly treating our payment card purchases with a little more concern and care than we gave them this time last year, and with good reason. According to Financial Fraud Action UK, types of fraud where the card holder is not present (phone, online or mail order purchases) have seen a 23 per cent year-on-year rise. And a staggering total of £185 million of fraud losses were recorded on UK cards between January and June 2012.

Consumers are becoming more aware of fraud and of how their personal data is stored and used, so the way in which you securely handle your customers’ payments, over any payment method, is becoming increasingly important to them. Two of the main risk areas for data breaches are internal staff access and external phone or network hacking. When customer data falls into the wrong hands, it can potentially spell disaster for the reputation and success of your business.

But help is at hand…

The Payment Card Industry Data Security Standard (PCI DSS) provides a set of security rules and practices that all businesses must adhere to if they want to continue accepting credit and debit cards from their customers. These rules help businesses ensure their customers’ card information is handled securely and disposed of promptly. Following them minimises the risk of fraud, and they are enforced by the card organisations via fines (up to £500,000 for holding sensitive payment card data) and potentially withdrawal of your transaction services.

So if your business is taking payments over the phone or website this Christmas, or will be in the New Year, then PCI compliance is an absolute must. As a starter, here are the 12 PCI requirements - one for each day of Christmas:

The 12 PCI Requirements:
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Physically and logically protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for employees and contractors

And that’s just systems and processes… what about the people?

Your customer-facing staff are both the most important asset to your organisation and the biggest risk when it comes to card information. They are also one of the toughest areas to secure without making their work life challenging.

Fortunately, systems are now available that not only help eliminate card data from your IT systems but also allow staff to take payments over the phone without ever accessing the card data.

By capturing the card details via the customer’s touchtone keypad and masking the tones heard by the staff member, payments can be handled simply, without any significant change to how staff interact with the customer. The staff member just adds the customer details and the amount to pay, and confirms the payment with the customer. Customers feel more at ease knowing they are not reading their card details out to a stranger at the other end of the phone, or to anyone else in earshot…
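As an added illustration (not code from this post or from any vendor’s product), here is a small Python simulation of the keypad-capture flow described above: the customer keys the card number, the bridge collects the tones, the agent channel only ever receives a masking tone, and the agent’s desktop is handed a token and a masked number rather than the card data. The bridge, vault and token format are assumptions for the example, and the card number is a constructed test value.

```python
import secrets

# Constructed sample input: the DTMF tones the customer keys on their handset,
# terminated with '#'. This is a well-known test number, not a real card.
CUSTOMER_KEYPAD_INPUT = "4111111111111111#"


def luhn_ok(pan: str) -> bool:
    """Standard Luhn check, so obvious mis-keys are caught at capture time."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class DtmfPaymentBridge:
    """Hypothetical bridge between the telephony platform and the agent.

    While capture mode is on, keypad tones go to the bridge only. The agent's
    audio gets a flat masking tone per keypress, and the agent desktop receives
    a token plus the last four digits, so the PAN never enters the agent's
    systems (the de-scoping effect the post describes).
    """

    def __init__(self) -> None:
        self.vault = {}         # token -> PAN; stands in for a PSP tokenisation service (assumed)
        self.agent_audio = []   # what is played to the agent, one entry per keypress

    def capture(self, tones: str) -> dict:
        digits = []
        for t in tones:
            if t == "#":                # terminator: customer has finished keying
                break
            self.agent_audio.append("MASK")   # agent hears a neutral tone, never the real one
            digits.append(t)
        pan = "".join(digits)
        if not pan.isdigit() or not 13 <= len(pan) <= 19 or not luhn_ok(pan):
            return {"status": "rejected", "reason": "invalid card number"}
        token = secrets.token_hex(8)
        self.vault[token] = pan          # only the vault side ever holds the PAN
        # The record handed to the agent desktop: no PAN, only token and masked display.
        return {"status": "captured", "token": token,
                "masked_pan": "*" * (len(pan) - 4) + pan[-4:]}
```

Everything the agent side sees is in the returned dictionary; the full number exists only inside the bridge’s vault.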

Happy, secure customers; a protected, productive business; and peace of mind that your compliance needs for card payments are met without complex systems integration.

So have a great start to a happy and prosperous 2014.
