Whether you're interested in the smaller business community, are planning to start a business or have an existing business, we have a package for you.
Compare Packages
Our most popular package is FSB Business Essentials which includes a whole range of benefits and products designed to make your business fly
A suite of legal benefits including a dedicated helpline, bundled insurance products and a range of online information to keep your business safe. Plus a whole range of negotiated benefits to help save you money and win business.
Our Business Creation package is designed to make starting a business simpler, allowing you time to focus on what's important - making it a success.
Specialist company formation benefits, access to FSB networking, business banking and a range of products to help get you setup in business.
Whatever your circumstances, we have a package to suit you and your business. Click the button below to see which benefits are included in each package and start your FSB journey.
'I just felt wow, I want to be part of this organisation so I joined.'
Read More
'Having someone there like the FSB who you can just call on for those other things you’re not quite sure on, it’s been invaluable.'
'What you can save by taking up some of the membership offers will save you your membership fee.'
We represent a diverse range of businesses from retailers to marketing agencies and just about everything in between. Take a look at more member stories and see how we could help your business fly.
More Member Stories
We offer three packages to suit your business needs. Joining FSB Connect is free, our Business Essentials package starts at £172.50 in the first year and our specialist Business Creation package has a fixed price of £129.
PCI compliance for business is all about your processing of debit / credit card payments, and ensuring your business is handling and storing the data according to certain regulations. In the most basic sense, if your business accepts card payments in any fashion, you must become PCI compliant.
However, it’s also true that PCI compliance is not a legal requirement. Instead, fines for data breaches would be given to the banks by the providers who make up the Security Standards Council: American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc.
If your business isn’t compliant and there’s a data breach, your bank provider could choose to pass these fines onto you, or terminate your business bank account entirely, as you are seen as posing a significant risk of customer data leaking.
With that in mind, however difficult it may seem to become PCI compliant, the risks of not being compliant are far more impactful to your business than you may anticipate.
Barring the financial penalties, the reasons you should pursue PCI compliance are twofold:
Firstly, it gives financial institutions confidence in your business as one that protects the public’s data, which increases public confidence in the reputations of the financial institutions and your business.
Secondly, it is because the loss of credibility and trust that would follow a security breach would be immensely damaging at every level.
Putting customers’ credit at risk causes them long-term problems, and they may choose to spend their money with other, more secure, businesses. The leaking of their data also causes reputational damage to the financial institutions involved, which is why they are keen to ensure data is in safe hands and dealt with responsibly.
In the journey to becoming PCI compliant, there are 12 steps you must complete, which the SSC separate into 6 separate goals.
The core of the first goal is ensuring that access to your systems is protected in a number of ways. Your business should have a firewall policy in place that should also be tested frequently to ensure its strength and ability to protect any data you hold.
The SSC also suggest that vendor-supplied passwords for any hardware or software are changed immediately to unique and secure passwords that cannot be simply guessed, as default passwords usually are. To further this security provision, they also suggest updating the passwords once every 90 days at least.
The second goal is mainly if you are a business that does choose to actively store any cardholder data, for example in a database or physically in a locked filing cabinet. It is recommended, however, that you do not store any card data unless you absolutely must. Any data that you do hold on site becomes a risk if you aren’t fully PCI compliant at any point, which would lead to large fines and customers losing faith in you as a business.
You should also never keep data such as customer’s PIN or card validation codes at any time. To keep cardholder data protected, you should combine virtual and physical safety measures. Passwords and authentication procedures, for example, cover the virtual measures, while locked cabinets and limited access to the server would cover physical measures.
You should also ensure that you encrypt the transmission of all data. Doing so ensures that anyone who does not have the correct cipher will not be able to read the data that has been encrypted, making this a vital security measure.
To maintain a Vulnerability Management Program, you need to have a robust anti-virus system in place. You should be continually scanning your software for any malicious viruses, and continually updating your anti-virus software to ensure that it can stop newer viruses.
This also means that all your card payment systems should be made secure, such as by your card payment provider continually updating their systems to halt any security exploits. By keeping yourself prepared at all times, instead of having to react to breaches, you can ensure that every step of the payment process is secure at all times.
This goal is essentially making sure that only those who have a definite need to access cardholder data can do so. The theory is that the fewer people there are who can access the data, the lower the chance of any breach. All your staff should be provided with a unique ID for computer access, and should follow all best practise guidelines, such as authorisation and frequent password resets.
If you hold your data offsite, this step is still a necessary requirement. It just means that your provider is the one who should limit access to any data instead of your business. Just because it is held offsite does not mean they are able to provide a lower level of security. The third party provider still must ensure sufficient security every step of the way.
While you should make sure that only the necessary people have access to cardholder data, you still should track who accesses the data and when. If a security breach does happen, having accurate logging systems in place may help your provider find the root cause and fix it as soon as possible. Regular testing also helps to constantly keep customers and businesses safe in the knowledge that the network, and the cardholder data held in it, is fully secure.
Becoming PCI compliant is a big undertaking, and may feel like a lot of work. FSB can provide you with a range of benefits that will improve the state of your business’s card payment systems, such as:
If you’d like to find out more, take a look at our Card Payment Processing page, or speak to a member of our team.
Provided by Worldpay, the UK’s leading payments provider, FSB Payments can help you wherever you’re doing business – face-to-face, online, over the phone or by email.