What is PCI DSS Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is an information security framework intended to protect cardholder data (CHD).

Created as a result of card payment processors' and issuers' concerns about data breaches, PCI DSS compliance entails a set of policies and procedures designed to prevent the misuse of cardholders' personal information.

Is PCI DSS Compliance mandatory in the UK?

PCI DSS is not a law, but it is a security standard with which all businesses handling card payments must comply. Given that the vast majority of businesses handle card payments, PCI DSS compliance is effectively mandatory. Failure to comply with PCI DSS can result in financial penalties, damage to your company's reputation and, in some cases, being forced to cease trading.


There are different compliance levels depending on how many transactions your UK business processes annually.

From an infrastructure perspective, what should I do?

Build and maintain a secure network
– Install and maintain a firewall configuration to protect data
– Do not use vendor-supplied defaults for system passwords and other security parameters

Protect cardholder data
– Protect stored cardholder data
– Encrypt transmission of cardholder data across open, public networks

Implement strong access control measures
– Restrict access to cardholder data by business need-to-know
– Assign a unique ID to each person with computer access
– Restrict physical access to cardholder data

Create a vulnerability management program
– Use and regularly update anti-virus software or programs
– Develop and maintain secure systems and applications

Monitor and test networks regularly
– Track and monitor all access to network resources and cardholder data
– Regularly test security systems and processes

Develop an information security policy
– Maintain a policy that addresses information security for employees and contractors

What are the steps in order to become PCI DSS Compliant?

  1. Compliance Level
    You must identify your compliance level
  2. SAQ or ROC
    Level 2-4 Merchants – complete a Self-Assessment Questionnaire (SAQ)
    or
    Level 1 Merchants – complete an annual Report on Compliance (ROC)
  3. AOC
    Complete a formal Attestation of Compliance (AOC)
  4. Network Scan
    Complete a quarterly network scan by an Approved Scanning Vendor (ASV)
  5. Submission
    Submit the documents

Proxar IT Consulting can assist your London or UK located firm with becoming (or remaining) PCI DSS compliant through our network scans. Our external vulnerability scanning services identify security issues and weaknesses that attackers could exploit. For more information, please contact us.