PCI DSS - E-commerce credit card security

PCI DSS - What is it?

The PCI DSS is a standard for the handling of payment card data originally created by Visa, Mastercard and other payment card companies and now managed by the PCI Security Standards Council.

How does it affect me?

As a consumer, once a transaction is processed on a website, our credit card details are never saved, or if they are, they are kept very safe and only with our consent. PCI DSS ensures that any company that handles credit card data has taken the necessary care to ensure that the information is handled in the appropriate manner. As a company, if you handle credit card data, then you have an obligation under the new standards to comply. The dates for enforcement are unclear, but Visa and Mastercard are forcing their customers (the banks) to put the pressure on you (the merchants) to make sure you have followed the guidelines.

When will it happen?

An increasing number of e-commerce site owners are receiving letters from their bank or merchant account provider warning them that they need to prove their compliance with the Payment Card Industry Data Security Standard (PCI DSS) card security standard. These letters often carry a warning that merchant facilities may be withdrawn if the merchant does not comply with the bank's requirements, and that fines can be passed on to the merchant in the event of a data breach.

I have an e-commerce site, what do I have to do about PCI DSS?

TJS have investigated the mechanisms for compliance and  identified that there are four levels within which merchants are classified:
  • Level 1: processing more than 6 million Visa or MasterCard transactions per year. Need to undergo an annual on-site audit and a network security scan
  • Level 2: processing between 1 million and 6 million Visa or MasterCard transactions per year. Need to undergo an annual on-site audit and a network security scan
  • Level 3: processing between 20,000 and a million e-commerce Visa or MasterCard transactions per year. Complete a self-assessment questionnaire and undergo a network security scan
  • Level 4: processing fewer than 20,000 e-commerce Visa or MasterCard transactions per year, or up to a million non-e-commerce Visa or MasterCard transactions per year. Complete a self-assessment questionnaire and undergo a network security scan
TJS are experts in e-commerce and can guide you through the requirements for the PCI DSS compliance of your e-commerce site. This may only be providing you with a server certification, or you may need us to help complete your questionnaire. Whatever your concern, we're here to help. For advice on audits, self-assessment questionnaire, PCI DSS scans or any other aspect of PCI DSS please contact us about PCI DSS compliance.