
PCI DSS

PCI Compliance enquiry line: 0161 209 5166 - assurance@nccgroup.com

The Payment Card Industry Data Security Standard (PCI DSS) was implemented collectively by the Payment Card Industry in response to increased credit card fraud and identity theft, in order to stem losses by the card providers and improve consumer confidence. The PCI DSS was designed to not only address the most common consumer fears over making credit card transactions, but also to ensure that the “merchants” who process credit card transactions become more accountable for their own risk.

Every organisation that accepts payments by credit card has been required since June 2007 as a “merchant” to comply with the PCI DSS. This affects a wide range of organisations, including retailers, leisure providers, publishers, service providers, local authorities and charities.

Where cardholder data is compromised, organisations who are unable to demonstrate compliance with the PCI DSS may now be liable for losses that arise from the security breach and face the prospect of substantial fines imposed by the card schemes or being permanently barred from the card acceptance programme.

To avoid being penalised, it is essential that you act now to ensure your organisation is – and stays – compliant with the PCI DSS.

How NCC Group can help

As a leading independent provider of consultancy and security testing services specialising in helping organisations protect themselves from information security threats, and as a Payment Card Industry Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV), NCC Group is ideally placed to advise on PCI DSS and has developed a one-stop PCI DSS solution.  


Our one-stop PCI DSS solution helps organisations to:

■      Identify the many different means of payment by debit or credit card your organisation offers its customers - these can include EPOS, automated voice payment, online, electronic payment kiosks and by phone through contact centres. All of these different payment methods will have a different impact on achieving compliance with the standard.

■      Identify the many different areas where payments are being made – most commonly through individual stores/outlets/branches, online, by phone through contact centres, by direct debit, through direct TV channels and by mobile phone. In the public sector, the list will include an even wider range, including schools, theatres, leisure centres, libraries, one-stop-shops and car parks.

■      Identify how cardholder information is processed within the various systems, the links from the organisation to its acquiring bank, and the links to other service providers (e.g. Worldpay) for the processing of financial transactions.

■      Ensure compliance of applications that are processing financial information (e.g. e-payments via a web-based service).

We are currently working with many organisations – such as Cineworld, Slough Borough Council and London Borough of Brent – to help them to achieve compliance.


Contact

For more information on how we can help you to ensure your organisation becomes – and stays – compliant, contact our PCI enquiry team on +44 (0)161 209 5166 or at pci@nccgroup.com.

 

PA-DSS

What about software vendors and developers?


With an increased awareness of PCI DSS, the spotlight has now turned towards payment application software vendors and developers, in order to cover all parts of the payment process and standardise security requirements across the board.

The Payment Application Data Security Standard (PA-DSS) applies to software vendors and others who develop payment applications that store, process or transmit cardholder data as part of authorisation or settlement where these payment applications are sold or distributed by third parties.

Payment software vendors need to comply with the requirements of PA-DSS and PABP in order for merchants to use their products to process credit card transactions.

Our experienced team of QSA-accredited information security testing and consultancy professionals has carried out thousands of consultancy and security testing assignments for clients including international banks, regulators, online retailers and key central and local government bodies.





Website © Copyright 2006-2008 NCC Services Ltd - all rights reserved
