What is PCI DSS?

The PCI DSS (Payment Card Industry Data Security Standard) is an information security standard created by the major card schemes with the intention of reducing the risk of payment card fraud. It sets out a minimum set of security controls with which all businesses and organisations that handle payment card transactions are required to comply.

You can learn more about PCI DSS and other payment card standards on the PCI Security Standards Council (SSC) website at www.pcisecuritystandards.org

How does it affect me?

As a retailer handling payment cards, you’re responsible for complying with the PCI DSS and confirming compliance to your acquirer. Not doing so will mean facing an extra non-compliance charge being added to your service fees while you remain non-compliant, and if you suffer a card data breach whilst non-compliant you risk significant financial penalties and the possibility of losing your ability to accept card payments.

How do I confirm PCI DSS compliance?

You’ll need to undergo a PCI DSS assessment. In most cases, this will involve completing a Self-Assessment Questionnaire (SAQ) from the PCI Security Standards Council (SSC) and submitting the result to your acquirer. There are however many different types of questionnaire, each with a differing number and complexity of security requirements to be met depending on the type of payment service you are using, the number of transactions you process, and the ways in which you handle the payment.

You can do all of this yourself if you wish and you feel comfortable doing so, or you can engage the services of a dedicated professional to handle it all for you. The more of the payment journey that you are involved in, the more security controls you must implement and report on, and the more effort and expense you need to make to do so.

Can PayPoint help me with my PCI DSS liability?

By using PayPoint equipment and services, your PCI DSS compliance scope and responsibility is significantly reduced. Large amounts of it become our responsibility instead, leaving you with a greatly smaller and simpler set of questions to answer.

Can PayPoint help me with my assessment?

If your acquirer is Lloyds Cardnet, we have worked with them to provide an assisted online version of the correct Self-Assessment Questionnaire for your use specifically tailored for PayPoint retailers, with many of the questions pre-answered for you. You can use it to complete and submit your PCI DSS questionnaire simply and quickly, typically in just a few minutes.

To use this feature, have your Merchant ID details ready and visit https://www.lloydsbankcardnetpcidss.com/safemaker/login

If you have any further questions on any of the above, or if you need help, advice or assistance around you PCI DSS efforts, please don’t hesitate to get in touch using the Contact Us link on this website.