Failure to meet the standard leaves you with potential fines per infringement. Your business could be identified as having suffered a breach of card and customer data or be reported to the PCI SSC by any number of stakeholders. This can lead to an invasive forensic investigation into your business and its compliancy practices.

You will be liable for the full cost of a forensic investigation (often running into thousands of pounds) should you be found to have broken PCI DSS regulations or had an actual data breach.

Although financial penalties could significantly impact your cashflow, the potential reputational damage suffered could be irreversible. Worse still, if the investigation finds a serious breach, your business could be barred from the card acceptance programme altogether.

If you hold card information post authorisation then your business requires a quarterly scan by a PCI SCC Approved Scanning Vendor. These vulnerability scans are also known as penetration tests. Failure to comply or update systems that have failed a scan/test can result in a forensic investigation. A vulnerability scan is an automated tool that checks your merchant systems for vulnerabilities or weaknesses. These non-intrusive scans are designed to highlight the potential for hackers to intercept or target your organisations systems.

To be compliant, your businesses must demonstrate an ongoing level of security awareness showing they understand that losing or siphoning card information is more highly regarded than that of a non-compliant organisation. Hosted solutions provide a way of reducing the number of requirements that are relevant for your businesses PCI DSS processes. The easiest way to achieve this is to pass the responsibility over to a third party provider or solution. This often dramatically reduces overheads assigned to PCI DSS whilst also increasing the level of PCI compliance your business can operate at (for example using a Level One compliant solution).

Also known as ‘Verified by Visa’ and ‘MasterCard Secure Code’, the 3D-Secure XML-based protocol authentication is an additional layer of security surrounding online payments on VISA, VISA DEBIT, MASTERCARD, MASTERCARD DEBIT, INTERNATIONAL MAESTRO, UK MAESTRO and VISA ELECTRON. Our 3D-Secure technology is designed to reduce the possibility of fraudulent card use by authenticating the cardholder at the actual time of the transaction. This creates a liability shift from your business (acting as the merchant) to the acquiring bank.

Interactive Voice Response services (or IVRs) are hosted solutions designed to manage the interaction between humans and computers over voice and DTMF channels. An IVR allows attended calls to be routed to specific target destinations, retain and store data, calculate and respond to inputted data and provide information to callers without relying on a human at the other end of the call. They are highly efficient in the automated processing of card payments, appointments, real-time information and emergency information as they are often fully integrated directly with databases or computers.

Many PCI DSS products or solutions require an element of hardware adjustment on-site. This can often involve detailed updates to your PBX, servers, cabling, handsets and more. It can take many hours to complete and when updates or changes are required in the future, another on-site visit is required with some or all of the original interferences re-affected. There are often significant CAPEX costs and OPEX maintenance contracts with poor Service Level Agreements (SLAs) due to the requirement always being to have a person on-site. Depreciation is also a major factor when installing hardware with an obvious end-of-life juncture after a given period. Implementing a hosted solution gives flexibility, provides ongoing improvements in technology, has very little CAPEX, does not require hardware changes on-site, does not require PBX changes and provides very efficient SLAs due to the solution(s) being accessible in a cloud environment at any time.

A card not present transaction is a payment made where the cardholder does not or cannot physically present the card for a merchant’s visual examination at the time the request is given and potentially processed. These usually apply to mail-order transactions performed by mail, fax, telephone or the internet (online).