As attacks on payment security become more and more sophisticated, that gets harder to do. And the rules about how businesses have to process data have become more comprehensive, to make sure information is protected.
Keeping everything safe and meeting the requirements can be costly. But there’s an option that minimises the effort and outlay involved.
The rules – the standard
The Payment Card Industry Data Security Standard (PCI DSS) is a global, payment industry-wide standard designed to help reduce payment card fraud and ensure customer card data is processed as securely as possible.
It was created in 2004 by Visa and MasterCard, and it’s made up of 12 high-level requirements for storing, processing and transmitting cardholder data for manual and electronic transactions.
The idea is that you don’t store data you don’t need, helping to keep it away from people who could use it fraudulently.
Not complying with PCI DSS could mean financial penalties, and if there’s a data breach from your business, the costs quickly escalate. You could also be looking at serious damage to your reputation, and that can be even more expensive in the long run.
Until now, merchants’ efforts to secure and manage cardholder data to meet PCI DSS requirements often meant considerable investment, financially and in terms of resourcing.
A simple, cost-effective way to comply
Point-to-Point Encryption (P2PE) validated by the PCI Security Standards Council (PCI SSC) makes meeting your payment security responsibilities more manageable. It reduces the effort and costs, and cuts the risks of being non-compliant or the subject of a breach in payment security.
P2PE works by encrypting card data as soon as it’s accepted. That means you effectively remove the information from your internal systems, which immediately reduces the scope of PCI DSS.
So you have a much smaller set of controls to apply and manage, and you can focus on what’s most important to you, your customers and your business.
Developments
The Payment Card Industry Security Standards Council (PCI SSC) said in June it was simplifying the development and use of Point-to-Point Encryption solutions so they could play a bigger part in PCI DSS compliance.
Finding your P2PE solution
The Logic Group (TLG), a wholly-owned subsidiary of Barclaycard, offers omni-channel security extensions for payment solutions that work across the web, mobile technology and in store, and include PCI DSS-accredited P2PE.
In fact, TLG launched the world’s first PCI Council-validated P2PE solution, and it’s delivered some of the first validated P2PE solutions in Europe for several leading retailers¹.
Solve DataShield is one of only a handful of PCI DSS-validated solutions on the market, and it can cut the cost of PCI DSS compliance significantly.
It not only meets PCI SSC requirements, it also provides cost savings by cutting the time to complete annual audits by more than 50%². So you can protect your brand and cardholder data while accepting payments and providing good value to customers.
Staying up to date with PCI DSS compliance is essential to protect you and your customers, and we provide the support that lets you do that.
Our solutions are compliant, expert and award-winning³, and our Payment Security Team is an elected member of the PCI SSC. All in all, we provide P2PE that meets PCI DSS requirements, and leaves you to concentrate on what you do best.
You can find out how TLG’s P2PE solutions could help your business by downloading their press release.
2 The reduction of annual audit questions from 288 to 18 accounts for this significant drop.
3 These include the FSTech Awards Compliance Project of the Year 2013 and Anti-Fraud/Security Strategy of the Year 2013.