PCI Compliance – Managing Merchant Risk

All organisations that want to accept payments via credit and debit cards need to comply with the Payment Card Industry Security Standards (PCI DSS). These are internationally agreed standards designed to protect both consumer and business security and to help guard against financial crimes such as fraudulent card use and money laundering. PCI DSS is not a mandatory set of Government regulations. It is instead an industry-agreed and enforced standard in which the payments industry polices itself. Both Visa and MasterCard require PCI DSS compliance at various levels for any organisation that processes credit and debit card payments. Given that these are the two largest payment clearing systems, that makes PCI compliance mandatory.

The PCI DSS is maintained by the Payment Card Industry Security Standards Council (PCI SSC), which was founded in 2006 by American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. Close to 800 organisations worldwide are now affiliated with PCI SSC as participating organisations.

In October 2019 the PCI SSC Europe Community Meeting will be held in Dublin. It is an annual get-together and conference for everyone involved in payment technology within Europe and globally. SecureTrust is delighted to be a Diamond Sponsor of the 2019 Dublin event, and is looking forward to seeing lots of you there. Contact Renaissance if you want to discuss anything related to secure payment processing and PCI DSS compliance. Read on for an overview of the SecureTrust solutions designed to help you manage merchant risk under PCI compliance.

PCI DSS and Merchant Risk

Not all organisations accepting payments are the same size. Under PCI DSS, larger companies have more stringent requirements than smaller companies, even though both may be accepting payments. Four levels of compliance, known as the PCI Merchant Risk Level System, are defined by PCI SSC. They are loosely based on the number of credit card transactions that organisations process annually. The higher the number of transactions an organisation has, the higher the risk of data loss, and therefore the more stringent the set of PCI DSS requirements.

SecureTrust Merchant Risk Solutions

SecureTrust provides tools to help organisations ascertain their level of PCI merchant risk. They can then ensure that they meet PCI requirements today and over time as new suppliers and clients are added for whom they need to process payments.

The SecureTrust Merchant Risk Management Program contains solutions that help secure the merchant lifecycle. When deployed to help merchants they:

  • Reduce the risk of onboarding a new payment source.
  • Continuously monitor data security.
  • Assist with the correct level of PCI DSS compliance.
  • Provide access to a team of industry experts to help with your compliance.
  • Provide self-service security tools for SME use.
  • Include the SecureTrust Web Risk Monitoring solution, which delivers tools to meet card brand requirements.
  • Tie into the broader Trustwave TrustKeeper portal for unified security.

Conclusion

If your organisation needs to accept payments, then it needs to accept credit and debit cards. This means PCI compliance. This can be onerous if you don’t have the expertise in-house or via your normal BAU IT supplier. Renaissance and SecureTrust have all the knowledge and tools you need. Contact Renaissance today and let us both help you deliver and maintain the appropriate level of PCI compliance and merchant risk profile.