we care more…
08450 740 068
Xanthos Limited
Unit 2 Clive Court
Bartholomew's Walk
Cambridgeshire Business Park

Payment Card Industry (PCI) Compliance

Protect your customers and your business with PCI Compliance

Protecting your customers and yourself from credit card fraud is a major consideration in ecommerce. Any business accepting online credit card payments needs to consider whether they need to be PCI DSS compliant. PCI DSS has been developed to combat online credit card fraud.

Payment Card Industry Data Security Standard (PCI DSS) aims to protect the individual’s personal information through proper security when credit card transactions are processed. The PCI DSS was set up by the Payment Card Industry Security Standards Council. The founder members of the Council include American Express, MasterCard and Visa.

The risks without PCI Compliance

The risk to your business of credit card fraud is high. There has been a significant increase in online fraud. The impact of fraud is not only a loss of revenue but could mean that your business suffers:
  • A fine imposed by your bank
  • A forensic investigation that you will have to fund
  • A reclassification of your merchant status
  • A major loss of faith by your customers – which could fatally damage your business

6 requirements of PCI DSS

Under PCI DSS, you as the merchant must:

1. Build and maintain a secure network 

  • Install and maintain a firewall configuration to protect cardholder data.
  • Do not use vendor supplied defaults for system passwords and other security parameters.

2. Protect cardholder data 

  • Protect stored cardholder data.
  • Encrypt transmission of cardholder data across open, public networks.

3. Maintain a vulnerability management programme 

  • Use and regularly update anti-virus software.
  • Develop and maintain secure systems and applications.

4. Implement strong access control measures 

  • Restrict access to cardholder data by business need-to-know.
  • Assign a unique ID to each person with computer access.
  • Restrict physical access to cardholder data.

5. Regularly monitor and test networks 

  • Track and monitor all access to network resources and cardholder data.
  • Regularly test security systems and processes.

6. Maintain an information security policy 

  • Maintain a policy that addresses information security.

PCI for ecommerce

The major elements of PCI compliance that affect ecommerce are:

Storing the Card Verification Value (CVV) number is prohibited. You are not allowed to store the three-digit CVV number under any circumstances.

Protecting the primary account number (PAN). PAN is the 14 or 16 digit code across the front of the credit card. This has to be available to those with a need to access it, otherwise it must be masked. The PAN must be encrypted when stored and when transmitted.

Compliance with the Payment Application Data Security Standard (PA DSS). This applies to all third party ecommerce software. It sets out the security requirements for processing credit card transactions. Your ecommerce software must be PA DSS compliant.

Helping you achieve PCI Compliance

Protecting your customers’ data is central to how Xanthos creates and launches your ecommerce website. Xanthos only works with PA DSS compliant ecommerce software to make sure that your store is safe and secure.

We also only work with PCI DSS certified web hosting providers. If you'd like to find out more about our hosting service or have us walk you through PCI Compliance, get in touch