PCI DSS compliance
Get ready for the latest version of PCI DSS
In March 2022, the PCI SSC released the latest version of the PCI DSS, known as PCI DSS v4.0. It will replace v3.2.1 on 31 March 2024. From that date, you’ll need to meet the requirements set out in the new standard. Depending on how you take payments from your customers, the changes may impact you in different ways.
Once you’ve done this, scroll on to read how you can attest your compliance using the Data Security Manager portal (DSM) – and stay on top of any changes in your business.
Barclaycard Payments will switch-over to PCI DSS v4 on our Data Security Manager portal from 16 January 2024 – everything you need to report your compliance status to the new version will be available when you next log in after this date.
Attesting your compliance
Regardless of how you become compliant, everyone must attest to Barclaycard that they’re compliant with PCI DSS. Log into our online portal where you’ll find more details of what you need to tell us. You then have three options:
2. If you decide you’d like to upgrade to our Proactive Security Service (PSS), call the team on 0330 0583 940 and they’ll be happy to help
3. If you’re not using Barclaycard to be compliant with PCI DSS, then upload your exisiting compliance documents on the DSM online portal. These are:
- your signed and completed self-assessment form
- or a signed attestation of compliance
- if you have both documents, then we need to see both
If you choose to become compliant through a third-party supplier, you’ll still need to let us know through the DSM portal.
Proving you’re compliant is just the start. Maintaining compliance means staying on top of any changes in your business. Some things to consider are:
- new employees – have they been trained to look after customers’ data?
- software updates – have all critical software patches been updated as recommended by your software supplier?
- taking payments – are you offering a new way to pay e.g. online?
- new premises – are you taking payments in another location too?
- security arrangements – have these changed?
Any changes in your business will mean you need to re-attest your compliance for things such as taking online payments etc.
Keeping it compliant day-to-day
To meet industry standards and be sure that you’re looking after your customers’ data securely, you need to follow certain steps – these depend on your business type and particular industry standards.
- Protect the data environment
Take all the steps you can to safeguard data
- Use antivirus software – and keep it up to date
- Protect data access
Don’t use supplier defaults for system passwords and other security parameters
- Restrict access to data to a need-to-know basis
- Restrict physical access to cardholder data
- Assign a unique ID to everyone with computer access
Need more help?
You’ll find more information about the standard, and how to report and maintain compliance on the PCI Security Standards Council website.