
How to secure and protect your customers' payment data

Security, data management and protection have become vital issues that small businesses must be aware of and capable of mastering.

Dealing with customer and client transactions means valuable data is being stored and accessed, and the responsibilities for a small business should not be taken lightly.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of mandatory requirements which any business using card information must follow. This helps protect your customers’ card information from fraud and it can also benefit your business by helping prevent any financial or reputational loss resulting from a data breach. 

To become PCI DSS compliant you need to complete the validation process using a compliance programme every year to check that you’re continuing to accept card payments safely and securely. The validation process includes 12 requirements which cover areas such as maintaining secure networks, creating strong passwords and access control measures, and regularly testing your security settings. 

If you fail to meet these requirements, the card schemes can fine your business should you suffer a data breach. That’s why it’s a good idea to keep your PCI DSS compliance up-to-date. 

PCI DSS compliance applies to any business that takes any credit or debit card transactions, even if it’s only a few each year or they’re low value, or even if you just store, process or transmit card information. You will also need to become compliant if you outsource your payments to a third party.

What does it cost?

There is a basic fee which covers the initial and ongoing costs of managing your PCI DSS compliance. On top of this, you may need additional scans or assessments depending on your business which could cost more.

IP scans – If you transmit card data over the internet you’ll need to successfully complete a vulnerability “IP Scan” to check the public-facing elements of your network for any potential security weaknesses that could lead to an Account Data Compromise.

Verbal assessment – In some cases you may need to speak to an advisor over the phone as part of your PCI DSS assessment.  

Becoming PCI DSS compliant

It’s not as complicated as it all sounds to become PCI DSS compliant. In most cases you can complete the validation process in as little as 30 minutes. Often this will depend on the industry you’re trading in and the size of your business. 

To find out more about compliance programmes, such as Worldpay’s SaferPayments programme, we recommend you have a look at the PCI Security Standards Council website at www.pcisecuritystandards.org

For more information about FSB card payment processing go to www.fsb.org.uk/benefits/finance/fsb-card-payment-processing