PCI-DSWHAT?

14th April 2020

It’s a mad world we live in. We can buy things with a small square of plastic which beams money from our bank account to someone else’s bank account without touching anything and then our watch buzzes to tell us what we’ve spent, where we’ve spent it, how it affects our budget and how much we’ve got left to spend. All of this happens within 5 seconds and we don’t bat an eyelid. This is normal and unremarkable in 2020.

But it is so very, very remarkable.

As a child of the 70s, I think this beaming, connected banking is better than anything Blake’s 7 could ever beam onto our wooden-framed Grundig. Well, except the Interceptor (way cooler than the USS Enterprise, btw). And Servalan. Who didn’t have a schoolboy crush on Servalan? You didn’t? Were your eyes just made of wood? But I digress. This is a geeky blog entry, not some insight into the mind of a 70s schoolboy.

Anyway, the point is, we now take these huge, life-changing advances in technology for granted. New ways to use these smart devices arrive with disturbing regularity. What was science fiction in the 70s is now fact and in daily use in the 20s.

But how much thought do we give these payment systems? We’re presented with a card machine and we just put our card in it or wave it wistfully next to the screen and the magic happens. We give little thought to what is happening behind the scenes. Thankfully, though, the Payment Card Industry has it all taken care of and they even protect us through a Data Security Standard. Sounds brilliant, doesn’t it? Well it is. And it isn’t.

The Payment Card Industry Data Security Standard (PCI DSS) applies to any organisation that stores, processes or transmits cardholder data, and that includes anyone with a card machine that takes card payments from us. Its 12 requirements are what every organisation that takes card payments MUST adhere to. The problem is, many organisations who have card machines don’t realise that they must comply. Well, that is until they report that they’ve been hacked. Then the non-compliance train hits them like, well, an energy bolt from the Interceptor.

The payment brands (Visa, Mastercard, American Express, Discover and JCB) take a dim view of anyone reporting a breach, and the fines they can apply can be crippling. Many organisations have never defined a Cardholder Data Environment (CDE) - they’ve just stuck their card reader on the office WiFi, alongside everything else, and thought nothing more of it. Many just have that BT HomeHub as their firewall and think that everything is just fine. They’ve had their quarterly external scan, so in their view they are PCI DSS compliant. Unfortunately, that’s far from the case: the external scan covers only a small part of a single requirement, and says nothing about the other eleven.

Fortunately, we’ve got a lot of experience in ensuring that our clients can prove that they are PCI DSS compliant and, touch wood, none of them have ever needed to prove it. We’ve seen many of the horror stories of what people think compliance looks like and can help you achieve compliance, quickly and easily, even if you think the problem is insurmountable.

So if you’re running a business that takes card payments and you’re now starting to wonder just what this blog is about, you really should pick up that phone and give us a call on 01673 898001 to get things moving and your card data protected.

Stuart
Written by Stuart Green - Managing Director