PCI DSS Compliance
If your business processes payments, meeting and maintaining PCI DSS compliance is crucial.
Many organisations believe they are compliant because they have removed elements of the transactional process from logs or databases. However, the need to correctly apply software updates and to ensure data cannot be siphoned off, by employees or hackers, is often excluded from internal processes.
Some key questions to evaluate when analysing your PCI DSS compliance:
- Are your employees asking for card details over the telephone?
- Can you ensure data is not written down or entered into a separate programme?
- Can you ensure that photographs or screenshots of transactional data are not taken?
- Are DTMF tones played to employees?
- Are you able to fully maintain the PCI DSS standard and keep card details secure?
If the answer to just one of these questions is negative, then descoping your company from the requirements of PCI DSS, whilst gaining access to a fully accredited (Level 1) card processing service, is a must for your business.