Deal or no deal Brexit, PCI DSS compliance remains the same

With the UK’s departure from the EU just around the corner, many businesses are uncertain about what future trading of goods and services with European customers will entail. As talks between leaders continue (at the time of writing), businesses are being advised to put in place procedures and practices to ensure a smooth transition to a new trading and operating environment, whatever it may be.

But while much will change for those businesses that trade overseas, whatever the outcome, be it a deal or no deal scenario, there are some systems, requirements and responsibilities that will remain the same – PCI DSS compliance being one of them. Here’s a reminder of the key points you need to remember:

  1. PCI DSS compliance was established by the major global payment card brands and applies to every business that stores, processes or transmits cardholder data, regardless of its size or industry – so every retailer, online seller, service provider and contact centre should have policies and procedures in place to protect their clients – whether they are from the UK or beyond – from the risks associated with card fraud and data theft.
  2. The extent of your business’s PCI compliance obligations is based on the number of transactions it processes annually. There are four levels of compliance, with Level 4 applying to merchants that process fewer than 20,000 transactions annually, up to Level 1 applying to those that process over six million. For those businesses that fall within Levels 2 to 4, compliance is achieved through a process of self-assessment. For those that fall into the Level 1 category, more rigorous and in-depth assessments take place involving external audits and reporting.
  3. Being PCI compliant is an ongoing process, not an annual tick box exercise. It includes the frequent monitoring and testing of systems and networks, ongoing training for employees on security policies and protecting cardholder data and ensuring that anti-virus software or programs are updated regularly.
  4. A failure to comply with PCI DSS that then results in a data breach will undoubtedly lead to a substantial fine and, more seriously, cause irreversible damage to your brand. Today’s consumers have high expectations when it comes to the protection of their personal and payment data – a breakdown of trust between your business and your customers will ultimately lead them to your competitors.

Here at PCI Telecom, we create and maintain card payment processing solutions, for card-not-present transactions made over the phone or online, that are bespoke to your business whatever its shape and size. Our solutions are cost effective, flexible, robust and cloud-based, so there is no need for bulky bits of equipment to be installed. They are also accredited to the PCI DSS Level 1 standard, so you can take much of your business out of the scope of PCI compliance requirements, leaving you the time and resources to focus on managing the day-to-day running of your business and delivery to your customers. For more information, visit our Solutions page or alternatively get in touch here or by using our webchat function over on the right.

You can find out more about the Brexit transition and what your business needs to do to prepare by visiting www.gov.uk/transition

More information on PCI DSS compliance can be obtained by visiting the Payment Card Industry Security Standards Council (PCI SSC) website here.