Understanding PCI compliance can be a daunting task. What exactly is it? Who needs it? How can I become PCI compliant? Luckily, you’ve come to the right place in order to find out the answers.
by PCI Booking – November 1, 2018
The PCI Security Standards Council, an organization created by the major credit card brands (Visa, Mastercard, American Express, etc.), has defined the Payment Card Industry Data Security Standard (PCI DSS), commonly referred to as “PCI compliance” or simply “PCI”. PCI DSS is a set of twelve security requirements that any organization that accepts, processes, stores or transmits credit card data must follow.
The aim of PCI DSS is to reduce the risk of a data breach involving your customers’ sensitive data. If customers entrust you, the merchant, with their sensitive data, then it is your responsibility to ensure that adequate security measures are put in place. PCI DSS outlines how you can achieve this through its twelve requirements, which focus on preventing, detecting and reacting to data breaches.
There are several levels of PCI compliance (levels 1, 2, 3 and 4) – all depending on the number of cards your organization “handles” each year.
Most likely, yes.
If your business accepts, stores, processes or transmits payment card information then PCI DSS does indeed apply to you. Even if you only accept cards and immediately relay them to a third party and never store them in your system, you will need to become PCI compliant.
While not a legal requirement, failure to comply has a number of damaging and disruptive outcomes such as:
When it comes to becoming PCI compliant, there are two distinct methods of achieving it:
1) Building a PCI compliant infrastructure in-house by following the stages of PCI DSS:
This is an ongoing, time-consuming and expensive task and, depending on the size and scope of your system infrastructure, may require a lot of resources from you.
2) Outsource your credit card capture, storage, processing and transmission to a PCI compliant third party. Choosing a partner who is fully PCI compliant and can capture, store and transmit payment information on your behalf has huge benefits. Once properly integrated into your workflows, you will no longer directly handle sensitive card information yourself, which takes you completely out of PCI scope and allows you to maintain the much simpler Self-Assessment Questionnaire A (SAQ A).
PCI Booking can offer you a PCI DSS Level 1 compliant outsourced service and handle, on your behalf, all of your processes that involve credit card details.
Through use of multiple card capturing methods, PCI Booking enables you to collect payment information from your customers without the card details ever reaching your systems. Captured payment data, be that from secure iframe webpages or API endpoints that support integration with third party APIs, is first tokenized and masked prior to reaching your infrastructure, effectively creating a PCI compliant shield around your system.
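To make the tokenize-and-mask step concrete, here is an added illustration (example code written for this article, not PCI Booking’s own implementation or API) of what happens between card capture and your system: the raw card number (PAN) is validated, swapped for a random token that has no mathematical relation to the PAN, and only the token plus a PCI DSS-style masked value (at most the first six and last four digits visible) is handed to the merchant. The `TokenVault` class, its in-memory store and the test card number are constructed for this example; a real vault keeps the mapping in encrypted storage under separate key management.

```python
import re
import secrets

def luhn_valid(pan: str) -> bool:
    """Luhn checksum: catches typos and obviously bogus numbers before tokenizing."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Mask a PAN so that only the first six and last four digits remain visible,
    the most PCI DSS permits to be displayed without a business need for more."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

class TokenVault:
    """Constructed stand-in for an outsourced card vault: the only place the PAN lives."""

    def __init__(self):
        # token -> PAN. In a real vault this mapping is encrypted at rest and
        # lives outside the merchant's network, which is what keeps the merchant out of scope.
        self._store = {}

    def tokenize(self, raw_pan: str) -> dict:
        """Accept a captured card number and return what the merchant is allowed to see."""
        pan = re.sub(r"\D", "", raw_pan)          # strip spaces/dashes from the captured input
        if not (13 <= len(pan) <= 19) or not luhn_valid(pan):
            raise ValueError("not a plausible card number")
        token = secrets.token_urlsafe(24)         # random; cannot be reversed to the PAN
        self._store[token] = pan
        return {"token": token, "masked": mask_pan(pan)}

    def detokenize(self, token: str) -> str:
        """Used only inside the vault, e.g. when relaying the card to a payment processor."""
        return self._store[token]

def merchant_receives(vault: TokenVault, captured_pan: str) -> dict:
    """Simulates the hand-off: the merchant's record never contains the PAN itself."""
    result = vault.tokenize(captured_pan)
    # Everything the merchant stores is safe to keep in a non-PCI system.
    return {"card_token": result["token"], "display": result["masked"]}

if __name__ == "__main__":
    vault = TokenVault()
    record = merchant_receives(vault, "4111 1111 1111 1111")   # constructed test number
    print(record["display"])                                    # 411111******1111
    print(vault.detokenize(record["card_token"]) == "4111111111111111")
```

The merchant-side record holds only `card_token` and `display`; forwarding a charge to a processor means sending the token back to the vault, which is the only component that can call `detokenize`.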
Once captured, stored cards remain accessible to you but protected from, and inaccessible to, anyone else. As data breaches become ever more frequent and unprecedented in nature, PCI Booking offers unlimited PCI DSS Level 1 storage.
Of course, capturing and storing credit card information is only one part; you will also need to use the cards. With PCI Booking, you will get instant and immediate access to dozens of payment processors through a single, unified API endpoint – thus eliminating the need for individual integrations with each payment processor.
Do you require relaying stored cards to third parties? With PCI Booking, you will have an easy and straightforward proxy to relay your requests to any third party.