FAQs About PCI DSS Compliance

What is PCI DSS?

PCI DSS is an internationally recognised information security standard designed specifically for organisations that handle credit card data.

The PCI DSS was created to ensure that businesses can process credit and debit card payments securely, protecting businesses and consumers and reducing the likelihood of card fraud.

What is a PCI QSA?

A PCI QSA is a Qualified Security Assessor: an individual certified to assess merchants and service providers against the standard and to provide a formal report on compliance.

Who needs to comply with PCI DSS?

Any organisation that processes card data must comply with PCI DSS. Merchants are usually businesses taking payment for a service they sell, such as a retailer or call centre.

Depending on how a merchant processes card payments, and how many transactions they process per year, requirements for demonstrating compliance with PCI DSS will vary. PCI DSS can also apply to organisations that provide services to businesses that handle credit card data, such as data centres and managed service providers.

This is true even if the service provider does not itself process card payments or access credit card information. As well as supporting their own customers’ PCI DSS compliance, service providers can differentiate themselves from their competition by becoming compliant with PCI DSS.

Why is PCI Compliance important?

Complying with the PCI DSS allows your organisation to demonstrate your commitment to maintaining a secure environment for your customers. Your organisation can also reduce the risk of a breach of credit card data by:
•    Implementing PCI DSS controls appropriate to how you store, process, and transmit cardholder data.
•    Engaging a QSA to independently validate your compliance.
•    Maintaining PCI DSS requirements as business as usual.

What are the penalties for non-compliance with the PCI DSS?

Any organisation that handles credit card data but fails to comply with PCI DSS is at risk of several financial and reputational consequences.
•    Non-compliance fees – a regular fine from your bank for failing to be compliant.
•    Reputational damage in the event of a breach.
•    Inability to process payments.
•    GDPR and DPA-related fines in the event of a breach.
•    Fines from your bank in the event of a breach.

To help reduce risk and avoid penalties as a result of a breach or non-compliance, organisations must understand how they store, process, and transmit credit card data, and ensure that all applicable requirements of PCI DSS are in place.

Learn more about how LRQA can support your Cyber security needs
