This is a guest blog post from Gary Conroy in Realex Payments.

We continue to get a lot of queries about PCI.  Below are our answers to some of the questions we have been asked…

What is PCI-DSS?

The Data Security Standard is a minimum set of requirements put in place in order to protect the cardholder’s information, which must be adhered to by all organisations that transmit, process or store payment card data.

Do I have to comply with PCI-DSS?

PCI-DSS is not law but an obligation enforced by the payment schemes, i.e. VISA, MasterCard, Amex, Diners and JCB. The schemes enforce PCI-DSS through the acquiring banks, by means of fines or other restrictions.

Who owns the standard?

The Payment Card Industry Data Security Standards Council evolved because VISA, MasterCard, Amex, Diners and JCB each had their own individual standards. Five standards caused confusion, not clarity, so a single harmonised standard (PCI-DSS) was created by the card schemes mentioned, and it is regulated by the PCI Council.

How do I comply?

You comply by meeting the requirements in the standard. The Data Security Standard is made up of 12 requirements grouped under the following headings:
▪    Build and Maintain a Secure Network
▪    Protect Cardholder Data
▪    Maintain a Vulnerability Management Program
▪    Implement Strong Access Control Measures
▪    Regularly Monitor and Test Networks
▪    Maintain an Information Security Policy

The full standard is available here

How do I get assessed against the PCI-DSS standard?

The assessment requirements differ depending on the volume of transactions that you process.

If you process more than 6 million Visa or more than 6 million MasterCard transactions annually, then you must submit to an annual PCI audit.
The audit will be performed by a Qualified Security Assessor.
You can choose one here.

If you process fewer transactions than that, then you must fill out a Self-Assessment Questionnaire and have an approved scanning vendor perform a network scan of your systems.

(Editor’s note: several of the banks have “deals” with scanning vendors, so it is worth checking with your bank first.)

Are Realex Payments PCI compliant?

Yes. Realex is fully PCI compliant at the highest level of PCI, and was one of the first PSPs in Europe to achieve this, with Level 1 certification obtained in October 2003.

Realex Payments is a leading European online payment gateway, providing a range of payment processing services for businesses selling online.