PCI: Don’t end up paying the price of non-compliance


As a result of the recent security breach in which details of an estimated 1.5 million payment cards were stolen, the card payment processor Global Payments was dropped from Visa’s compliant providers registry.

The incident throws a spotlight on the complexity of maintaining PCI compliance, particularly when you have to hand over some of your processes to a third party. After the breach, Global Payments CEO Paul R Garcia said, “This will make us better – this will make PCI better”.

What is PCI?

PCI, or more correctly PCI DSS, is the Payment Card Industry Data Security Standard and applies to all retailers and other merchants who store, process or transmit cardholder data. Consisting of 12 basic requirements and over 200 detailed sub-requirements, it was established by the five major credit card companies to protect cardholders’ account and card information right across the payment channel.

How does the card payment cycle work?

As a member of one or more of the various card schemes (e.g. Mastercard, Visa), a financial institution (e.g. NatWest) issues a credit or debit card to its customer (who becomes the cardholder).

When the cardholder wishes to make a payment, they present the card to a merchant (the entity providing the goods or services). The merchant will have a relationship with an acquirer or payment processor (e.g. HSBC or Global Payments) who will process the payment by routing the authorisation request out to the issuer (i.e. the issuing institution) via the card scheme network. Once the payment has been approved, the money will be debited from the cardholder’s account and given to the merchant (less a processing fee).

A question of ownership

Interestingly, the incident highlights the difficulties of keeping your customers’ data secure once you have to entrust part of the process to a third party. As a managed service provider (MSP), we’ve always been firmly committed to owning and managing our own network and infrastructure for that very reason. As soon as an MSP starts reselling other companies’ services as part of its own solution, it loses control over the management, maintenance and security of that service.

Unlike other payment network providers, we have the luxury of being able to achieve this ownership and pass on the peace of mind this creates to retailers and other organisations that accept card payments – enabling them to meet increasingly complex compliance regulations while benefiting from reduced costs, improved performance and advanced security.


