Security of payment card data is crucial in the online world. The standard to protect card data is the Payment Card Industry Data Security Standard (PCI DSS). This is a joint venture between Visa and Mastercard, supported by all banks.

Compliance with this standard is compulsory for all merchants who accept payment cards. You must be PCI DSS compliant if you handle, process or store payment card details either on computer or on paper. There are severe penalties if card information is compromised as a result of non-conformance with PCI DSS. As part of your agreement with your acquirer, you agree to these penalties.

You can become PCI DSS compliant in one of two ways.

Firstly, you can become compliant yourself. In practice, this is complicated, difficult and expensive. Requirements include physically restricting access to cardholder data; applying security measures beyond those Windows provides as standard; and defining, implementing and monitoring security procedures that meet the specific required standards. For the majority of small businesses, achieving compliance this way will probably not be practical or cost-effective.

Alternatively, you can have your customers and staff enter card details only into sites and systems supplied by a third party that is itself PCI DSS compliant.

Even if your buyer enters their payment details into a page on your web site and you then pass them to a PCI DSS compliant PSP, your web site must still be fully PCI DSS compliant, because you are collecting the card details and passing them on. Any compromise of your web site would then allow a rogue third party to acquire the card details.

The Creditcall infrastructure (which powers Actinic Payments) has been accredited by qualified security assessors to the highest possible standard available under the PCI DSS scheme. Therefore, using Actinic Payments ensures that all servers where you or your customers key in payment card details are PCI DSS compliant.

Please contact our sales team if you wish to see a copy of Creditcall’s PCI certificate.

Please note that there is some disagreement between the banks and security companies as to whether a company is compliant if they use a compliant payment service provider (PSP) such as Actinic Payments powered by Creditcall.

Royal Bank of Scotland/Natwest/Streamline and HBOS have made clear statements that a merchant can depend on the compliance of their PSP. We are in the process of trying to obtain similar statements from other banks. If you are concerned, contact Actinic and we should be able to arrange for you to move to one of the banks with a straightforward and pragmatic policy in this area - and in some cases you will receive reduced rates at the same time.

For more information on PCI-DSS:

https://www.pcisecuritystandards.org/ (the official body responsible for PCI-DSS)
http://forum.pcianswers.com/ (discussion forum about PCI-DSS)
