Becoming PCI DSS compliance
Attesting your compliance
Regardless of how you become compliant, everyone must attest to Barclaycard that they are compliant with PCI DSS. Log in to our online portal where you'll find more details of what you need to tell us. You then have three options:
3. If you're not using Barclaycard to be compliant with PCI DSS, then upload your exisitng compliance documents on the DSM online portal. These are:
4. If you choose to become compliant through a third-party supplier then you'll still need to let us know through the DSM portal, otherwise you'll be charged a non-compliance fee of £25 per month per outlet.
We will only accept documents that have been approved by a registered and Qualified Security Assessor (QSA) company. You can check the PCI Security Standards Council website for further information.
Proving you’re compliant is just the start. Maintaining compliance means staying on top of any changes in your business. Some things to consider are:
New employees - have they been trained to look after customers' data?
Software updates - have all critical software patches been updated as recommended by your software supplier?
Taking payments - are you offering a new way to pay e.g. online?
New premises - are you taking payments in another location too?
Security arrangements – have these changed?
Any changes in your business will mean you need to re-attest your compliance for things such as taking online payments etc.
Keeping it compliant day-to-day
- To meet industry standards and be sure that you’re looking after your customers’ data securely, you need to follow certain steps – these depend on your business type and particular industry standards.
Protect the data environment:
Protect data access: