
PCI DSS compliance

How to become PCI DSS compliant

Get ready for the latest version of PCI DSS

In March 2022, the PCI SSC released the latest version of the PCI DSS, PCI DSS v4.0. It replaces v3.2.1, which is retired on 31 March 2024; from that date you'll need to meet the requirements set out in the new standard. Depending on how you take payments from your customers, the changes may affect you in different ways.

Then scroll on to read how to attest your compliance using the Data Security Manager (DSM) portal, and how to stay compliant when things change in your business.

Barclaycard Payments will switch over to PCI DSS v4 on our Data Security Manager portal from 16 January 2024. Everything you need to report your compliance status against the new version will be available when you next log in after this date.

Attesting your compliance

Whichever route you take to compliance, you must attest to Barclaycard that you're compliant with PCI DSS. Log into our online portal, where you'll find more details of what you need to tell us. You then have three options:

1. Attest via Data Security Manager (DSM) – you’ll need to complete the questionnaire online

2. If you decide you’d like to upgrade to our Proactive Security Service (PSS), call the team on 0330 0583 940 and they’ll be happy to help

3. If you're not using Barclaycard to become compliant with PCI DSS, upload your existing compliance documents to the DSM online portal. These are:

  • your signed and completed self-assessment questionnaire (SAQ)
  • or a signed attestation of compliance (AOC)
  • if you have both documents, we need to see both

If you choose to become compliant through a third-party supplier, you’ll still need to let us know through the DSM portal.

Staying compliant

Proving you’re compliant is just the start. Maintaining compliance means staying on top of any changes in your business. Some things to consider are:

  • new employees – have they been trained to look after customers’ data?
  • software updates – have all critical security patches been applied as recommended by your software supplier?
  • taking payments – are you offering a new way to pay e.g. online?
  • new premises – are you taking payments in another location too?
  • security arrangements – have these changed?

Any change of this kind means you need to re-attest your compliance, for example when you start taking payments online.

Keeping it compliant day-to-day

To meet the standard and be sure you're looking after your customers' card data securely, you need to follow certain steps. Which ones apply depends on your business type and the way you take payments.

Protect the data environment

  • Take all the steps you can to safeguard cardholder data
  • Use antivirus (anti-malware) software, and keep it up to date (PCI DSS requirement 5)

Protect data access

  • Don't use supplier (vendor) defaults for system passwords and other security settings (requirement 2)
  • Restrict access to cardholder data to those with a business need to know (requirement 7)
  • Assign a unique ID to everyone with computer access, so that every action can be traced to an individual (requirement 8)
  • Restrict physical access to cardholder data (requirement 9)

Need more help?

You’ll find more information about the standard, and how to report and maintain compliance on the PCI Security Standards Council website.