What is PCI and do I need it?

Tim Dunton

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements for organisations that store, process or transmit credit/debit card information. The standard is defined and maintained by the PCI Security Standards Council (PCI SSC), which was founded by the major card brands to better protect cardholders from fraud.

Any web site that accepts card payments, such as an ecommerce site, falls under PCI DSS. If your own pages collect the card details, the full set of requirements applies to your site and the servers it runs on. If the web site instead redirects customers to a third party payment provider like WorldPay, PayPal or SagePay, so that card details are entered on the provider's pages and never pass through your server, your obligations are much smaller because the provider handles the payment security; you still need to confirm compliance for the parts you control (normally a short self-assessment), but the scanning and hardening requirements shrink considerably. If you're unsure how PCI DSS applies to you, feel free to ask us and we will be happy to advise you.

Once you have confirmed that your company needs to comply with PCI DSS, you can approach an Approved Scanning Vendor such as SecurityMetrics (www.securitymetrics.com) or Trustwave (www.trustwave.com) to test your site. These companies run an independent external scan of your web site and hosting and produce a report listing the vulnerabilities they can detect from the internet, for example out-of-date software versions, open ports and weak encryption settings.

Usually you will need to make some changes to your web site and hosting before you will receive a successful report. These changes may include updating software, tightening up your firewall or possibly making changes to your web site.

Once you have passed your initial scan, the scanning vendor will rescan on a schedule. PCI DSS requires a passing external scan at least once every three months, and many vendors scan monthly. Bear in mind that a site which passed last time can fail the next scan without you changing anything, because newly discovered vulnerabilities are added to the scanners as they are published, so be prepared to apply updates and configuration changes every few months to remain compliant.

Nimbus Hosting will make sure your server always complies with PCI DSS with any of our managed hosting packages.
