Have you ever gone to a restaurant and, lacking any physical cash on your person, decided to pay for the meal with your debit card? How about when you’ve needed to buy emergency groceries that you haven’t thought to budget for, thus forcing you to use a credit card? Or have you ever gone on holiday and decided to purchase a prepaid cash passport instead of travellers’ cheques? Chances are, this being the 21st century and there being a good chance that you are not Amish, you probably have at least one or even two of these things. What do all these things have in common? They’re all part of the Payment Card Industry, or PCI for short.
PCI Compliance is essentially a set of rules or regulations set up by the Payment Card Industry Security Standards Council that is intended to protect the identity and financial security of those who use electronic payments. Simply to differentiate it from the international PCI, it shall henceforth be referred to as PCI Compliance UK. Pretty much anyone and everyone who wishes to use credit cards or debit cards and such for transactions must agree to the PCI Compliance, UK merchants and banks not least of all. Failure to meet the standards set forth can result in fines, penalties that make transactions through electronic payment more difficult, or even the loss of the ability to accept credit cards at all. Given that the PCI SSC is composed of the biggest credit card companies on the globe, there isn’t much anyone can do to object.
There are five levels, dubbed “merchant levels”, that determine the degree of PCI Compliance UK scrutiny traders and merchants can expect to be placed under. All levels require a quarterly security scan to ensure that they’re all on the level.
Rest assured that this isn’t just an example of evil corporatism muscling down on the little guy. The PCI is intended to help ensure that people entering into commercial transactions are fully protected and their financial security assured.
As such, PCI Compliance UK demands that merchants and businesses operate under the following procedures:
- They build and maintain a secure IT network.
- They protect cardholder information.
- They possess and support a vulnerability management programme.
- They implement strong access control measures.
- They frequently test their security systems.
- They maintain a codified policy regarding their information security.
These are sometimes summarised as the “Twelve Standards”, but in truth there are a myriad of clauses, subclauses, sub-paragraph ii’s, section E’s and all other kinds of bureaucratic offshoots. Likewise, self-assessment tests have around 50 checks that must be performed.