
How do I become PCI DSS compliant?

Attesting your compliance

Regardless of how you become compliant, everyone must attest to Barclaycard that they are compliant with PCI DSS. Log in to our online portal, where you'll find more details of what you need to tell us. You then have three options:

1. Attest via Data Security Manager (DSM) - you'll need to complete the questionnaire online

2. If you decide you'd like to upgrade to our Proactive Security Service (PSS), call the team on 0330 0583 940 and they'll be happy to help

3. If you're not using Barclaycard to be compliant with PCI DSS, then upload the relevant documents from your third-party supplier in the compliance section of the DSM online portal. These are:

  • Your signed and completed self-assessment form, which must also state the name of the third-party provider you used to complete the form.
  • Or a signed attestation of compliance - again, with the name of the third-party provider you used to complete the process
  • If you have both documents, then we need to see both

4. If you choose to become compliant through a third-party supplier, then you'll still need to let us know; otherwise you'll be charged non-compliance fees of £25 per month per outlet plus the monthly £4.80 DSM fee.

We will only accept documents that have been approved by a registered Qualified Security Assessor (QSA) company. You can check the PCI Security Standards Council website for further information.

Staying compliant

Proving you’re compliant is just the start. Maintaining compliance means staying on top of any changes in your business. Some things to consider are:

New employees - have they been trained to look after customers' data?

Software updates - have all critical software patches been updated as recommended by your software supplier?

Taking payments - are you offering a new way to pay e.g. online?

New premises - are you taking payments in another location too?

Security arrangements - have these changed?

Any change in your business, such as starting to take online payments, means you'll need to re-attest your compliance.

Keeping it compliant day-to-day

  • To meet industry standards and be sure that you're looking after your customers' data securely, you need to follow certain steps - these depend on your business type and particular industry standards.

Protect the data environment:

  • Take all the steps you can to safeguard data
  • Use antivirus software - and keep it up to date

Protect data access:

  • Don't use supplier defaults for system passwords and other security parameters
  • Restrict access to data to a need-to-know basis
  • Restrict physical access to cardholder data
  • Assign a unique ID to everyone with computer access

Need more help?

You'll find more information about the standard, and how to report and maintain compliance, on the PCI Security Standards Council website.