The Payment Card Industry Data Security Standard (PCI-DSS) is an information security standard for organizations that handle cardholder information. All merchants, whether small or large, need to be PCI compliant. The burden of compliance can be daunting at first, but at Bongo IT we are here to help.
You may have noted that in 2018 some of the Payment Service Providers, e.g. Barclaycard, have tightened their regulations and are now providing more difficult questionnaires. If you now find yourself stuck, please speak to one of our team.
Our first step is to document the cardholder data flow. This allows us to understand how sensitive data flows through your systems, and which parts of those systems need to be scanned. We will then look at reducing the number of systems involved in the flow of cardholder data, to lessen the compliance task.
After filling in the correct questionnaire for your level of interaction with cardholder data, we initiate the scan. The scan tests all the systems through which data flows for basic security vulnerabilities. After rectifying any vulnerability, and re-running the scan until no vulnerabilities remain, compliance is achieved. We will then inform your Payment Service Provider (PSP) that you are compliant. The scan will automatically run every 3 months, and will inform you if you ever drop out of compliance.
Bongo IT was approached by an Oxford-based charity who had been asked by their PSP to become PCI compliant. As there was an urgent deadline, we initially worked to achieve compliance. As an ongoing project we were able to suggest measures to reduce the number of systems requiring compliance, and to discuss this reduction with the shopping cart system’s developers. In time it became possible to avoid PCI compliance altogether, offloading the security of cardholder data to the PSP’s systems.
At Bongo IT, we know that technology is increasingly dominant and crucial to maintaining business performance and productivity.
Organisations should make sure they are making the right IT decisions for their current needs, whilst also planning for the future with flexible and scalable solutions.
As a special offer, we are offering a FREE one hour consultation to address your current IT setup and recommend an effective strategy for your future requirements.
Addressing issues such as computer hardware, broadband, data security, file sharing, compliance and more, we’ll help you build a plan and ensure you deploy the most cost-effective IT strategy for your company’s needs.