
PCI DSS

Protect your customers and your business from credit card fraud!

Every business has to obtain payment from its customers. E-commerce depends on card payment. So your business has to be able to manage credit card payments effectively.

That means you have to protect your customers and your business from card fraud.

To do that, your business needs to comply with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS was developed to combat payment card fraud and to protect cardholder data wherever it is stored, processed or transmitted, whether in an online shop, over the phone or at a physical till.

What’s the point of PCI DSS?

The PCI DSS was set up by the Payment Card Industry Security Standards Council. The founder members of the Council include American Express, MasterCard and Visa. Their objective in creating the standard was to improve the security of cardholder data on a global basis.

Requirements of PCI DSS

Under PCI DSS, you as the merchant must:

Build and maintain a secure network

  • Install and maintain a firewall configuration to protect cardholder data.
  • Do not use vendor supplied defaults for system passwords and other security parameters.

Protect cardholder data

  • Protect stored cardholder data.
  • Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Programme

  • Use and regularly update anti-virus software.
  • Develop and maintain secure systems and applications.

Implement strong access control measures

  • Restrict access to cardholder data by business need-to-know.
  • Assign a unique ID to each person with computer access.
  • Restrict physical access to cardholder data.

Regularly monitor and test networks

  • Track and monitor all access to network resources and cardholder data.
  • Regularly test security systems and processes.

Maintain an information security policy

  • Maintain a policy that addresses information security.

PCI for Selling Online

The major elements of PCI compliance that affect e-commerce are:

Storing the card verification code (CVV2, CVC2 or CID) is prohibited. The three-digit code printed on the back of the card (four digits on the front of an American Express card) must never be stored after a transaction has been authorised, not even in encrypted form, and not in logs, databases or backups.


Protecting the primary account number (PAN). The PAN is the 13 to 19 digit number (most commonly 16 digits) printed across the front of the card. It may be shown in full only to staff with a legitimate business need; everywhere else it must be masked, so that at most the first six and last four digits are displayed. Wherever the PAN is stored it must be rendered unreadable (strong encryption, truncation, tokenisation or a keyed hash), and it must be encrypted with strong cryptography whenever it is transmitted across open, public networks such as the Internet.
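As an added example that is not code from the page, from Xanthos, IT Governance or the PCI SSC: a small Python script that masks a PAN to first six and last four digits, and scans application log lines for PANs that were written unmasked, using the Luhn check to tell real card numbers from other long digit strings. The log lines are constructed for the example, the function names (`luhn_valid`, `mask_pan`, `find_unmasked_pans`, `redact_line`, `scan_log`) are assumptions, and the card numbers are the publicly documented test PANs, not real accounts.

```python
import re
from typing import List, Tuple

# Constructed sample log lines (not from the page). The PANs are the widely
# published Visa and American Express test numbers: they pass the Luhn check
# but belong to no real account. Line 2 is already masked; line 3 carries a
# 13-digit value that is not a card number.
SAMPLE_LOG_LINES = [
    "2024-05-01 12:00:01 checkout ok order=1001 pan=4111111111111111 cvv=123",
    "2024-05-01 12:00:02 checkout ok order=1002 pan=411111******1111",
    "2024-05-01 12:00:03 health ping id=1234567890123",
    "2024-05-01 12:00:04 refund order=1003 pan=378282246310005",
]

# A PAN is 13 to 19 contiguous digits; the look-arounds stop us matching
# part of a longer digit run. Card numbers written with spaces or dashes
# would need a wider pattern.
PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")

# Card verification codes must never be written at all after authorisation,
# so any cvv/cvc/cid/csc field is blanked regardless of its value.
CVV_RE = re.compile(r"(?i)\b(cv[vc]2?|cid|csc)(\s*[=:]\s*)\d{3,4}")


def luhn_valid(digits: str) -> bool:
    """True if `digits` is 13-19 digits passing the Luhn check (ISO/IEC 7812-1)."""
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Mask a PAN to first six and last four digits, the maximum PCI DSS 3.x
    allows to be displayed (v4.0 permits the 8-digit BIN plus last four)."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("not a PAN: %r" % pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_unmasked_pans(line: str) -> List[str]:
    """Return every Luhn-valid PAN that appears in clear in `line`."""
    return [m.group(0) for m in PAN_RE.finditer(line) if luhn_valid(m.group(0))]


def redact_line(line: str) -> str:
    """Mask clear-text PANs and blank any card verification code in a log line."""
    def mask_match(m: "re.Match") -> str:
        token = m.group(0)
        return mask_pan(token) if luhn_valid(token) else token
    line = PAN_RE.sub(mask_match, line)
    return CVV_RE.sub(r"\1\2[REDACTED]", line)


def scan_log(lines: List[str]) -> List[Tuple[int, List[str]]]:
    """Return (1-based line number, masked PANs) for each line holding a clear PAN."""
    hits = []
    for number, line in enumerate(lines, start=1):
        pans = find_unmasked_pans(line)
        if pans:
            hits.append((number, [mask_pan(p) for p in pans]))
    return hits


if __name__ == "__main__":
    for number, masked in scan_log(SAMPLE_LOG_LINES):
        print("line %d: clear-text PAN(s) %s" % (number, ", ".join(masked)))
    for line in SAMPLE_LOG_LINES:
        print(redact_line(line))
```

Run it against a real log extract before relying on it: the Luhn filter removes most order numbers and timestamps, but a genuine PAN split by spaces will be missed by the contiguous-digit pattern, and a fuller scanner would also cover database dumps and backups, which PCI DSS treats as storage just as much as a live table.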

Compliance with the Payment Application Data Security Standard (PA DSS). This applies to commercial payment applications, including third party e-commerce software, that store, process or transmit cardholder data, and sets out the security requirements such software must meet. Choosing e-commerce software that is validated against PA DSS removes one of the largest obstacles to your own PCI DSS compliance. (The PCI SSC has since retired PA DSS in favour of its Software Security Framework, so check which standard a vendor's listing was validated against.)

Why does PCI DSS matter to your business?


Compliance. If your business accepts credit or debit card payments, online or otherwise, you have to comply with PCI DSS. If you do not, your acquiring bank can impose fines, often thousands of pounds, and can ultimately withdraw your ability to take card payments. For any online business, there is no real alternative to compliance with PCI DSS.

Reputation. How you treat cardholder data will affect the way your customers see you. If thieves take advantage of lax security measures, the resulting card fraud will be traced back to, and damage, your company. If you care about your company's reputation, then you need to adopt PCI DSS.

How will you achieve PCI compliance?

Xanthos sees protecting customer data as vital to building and running a successful website. As a leading online marketing company, Xanthos can help you to select appropriate e-commerce software that complies with PA DSS (the Payment Application Data Security Standard).

Xanthos works closely with its partner firm IT Governance, who are specialists in compliance and information security. IT Governance offers expert guidance on PCI DSS through its consultancy service, and provides a support service for businesses seeking to comply with PCI DSS.

Need help with PCI compliance?
