New card processing security regulations

If your business accepts card transactions, you may have been contacted by your card-providing bank regarding the new Payment Card Industry Data Security Standard (PCI/DSS) regulations with which you now have to comply. Read on to find out what the new regulations mean for your business and how we can help you to understand them.


If your business accepts card transactions, you may need to comply with the Payment Card Industry Data Security Standard (PCI/DSS) regulations. Read on to find out what the regulations mean for your business and how we can help you to understand them. Some basic information is supplied below to try to assist you with these new procedures:

Why were PCI/DSS regulations implemented?

Card schemes, such as MasterCard and Visa, are trying to make sure merchants have protection in place to deter hackers and criminals. Cardholder data is a tempting target for fraudsters and there have been a series of recent high-profile security breaches.

How does PCI/DSS affect my business?

There are 4 levels of PCI/DSS merchant. The vast majority of Forum members and other small businesses will fall into Level 4 Compliance, where fewer than 1 million standard or 20,000 e-commerce transactions are accepted annually.

As of 31 March 2010, every business in the UK accepting cards has to be compliant with the new PCI/DSS regulations. If not, their merchant provider is liable to receive fines for cases of non-compliance from Mastercard and Visa International. Each merchant processing bank is required by Mastercard and Visa International to ensure their customers comply with the new regulations, which you should be able to access via the website of your bank provider.

Each merchant bank seems to be interpreting its responsibilities in a different way. Some are insisting their customers confirm compliance by completing questionnaires, either internally at a charge, or using third-party specialist companies who also charge for this service, which may not be the cheapest way of completion or relevant to your type of business. Others are accepting their customers' assurances that they are compliant, and others have yet to make a decision as to how they will handle this matter.

Several bank providers are now fining their customers for non-completion of these questionnaires, and also if the answers show the customer is not complying with the new security standards in terms of handling the card information. Others do not currently do this.

How the Forum can help

Due to the diversity and complexity of the information now required by each different bank provider, we recommend that you contact us directly so we can resolve individual queries. As well as helping members to understand the impact of the regulations, we could also potentially reduce the costs of compliance through a review with our card partner. Call us now on 0845 130 1722 to find out more.