Payment Card Industry Data Security Standard (PCI-DSS)
The Payment Card Industry Data Security Standard (PCI-DSS) is an information security standard for organizations that handle cardholder information. All merchants, whether small or large, need to be PCI compliant. The burden of compliance can be daunting at first, but at Bongo IT we are here to help.
You may have noted that in 2018 some of the Payment Service Providers e.g. Barclacard have tightened their regulations and are now providing more difficult questionaires. If you now find yourself stuck, please speak to one of our team.
What is involved
Our first step is to document the cardholder data flow. This allows us to understand how sensitive data flows through your systems, and which parts of those systems need to be scanned. We will then look at reducing the number of systems involved in the flow of cardholder data, to lessen the compliance task.
After filling in the correct questionnaire for your level of interaction with cardholder data, we initiate the scan. The scan tests all the systems through which data flows for basic security vulnerabilities. After rectifying any vulnerability, and re-running the scan until no vulnerabilities remain, compliance is achieved. We will then inform your Payment Service Provider (PSP) that you are compliant. The scan will automatically run every 3 months, and will inform you if you ever drop out of compliance.