Learn about PCI Compliance - a set of security requirements for handling credit card information. Discover why compliance is crucial for protecting your business and customers, and how non-compliance can lead to penalties. Find out what banks like Westpac, Commonwealth, and ANZ say about PCI DSS and how it applies to your business. Get insights on storing credit card data securely and explore options like Macquarie and SecurePay. Stay informed and safeguard your business reputation!
What is it?
• A set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.
• Essentially, it applies to any merchant that has a Merchant ID (MID).
What isn’t it?
• PCI is not, in itself, a law. The standard was created by the major card brands.
• Merchants that do not comply with PCI DSS may be subject to fines, card replacement costs, forensic audits, brand damage etc., should a breach event occur.
Basic Facts
• launched on September 7, 2006
• focus on improving payment account security throughout the transaction process
• administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands
Coverage
• In-scope cards include any debit, credit, and pre-paid cards branded with one of the five card association/brand logos that participate in the PCI SSC: American Express, Discover, JCB, MasterCard, and Visa International
Why do it – the positive
• your systems are secure
• customers can trust you with their sensitive payment card information
• improves your reputation with acquirers and payment brands
• helps prevent security breaches and theft of payment card data
• compromised data negatively affects consumers, merchants, and financial institutions
Why do it – avoid the negative
• one incident can severely damage your reputation
• possible negative consequences also include:
  • Lawsuits
  • Insurance claims
  • Cancelled accounts
  • Payment card issuer fines
  • Government fines
What are the penalties for noncompliance?
• Acquiring banks are fined and typically pass the fines on
• Transaction fees may increase
• Bank relationship could be terminated
• Check your merchant agreement
The Banks
• Most banks advertise a policy
• Information should be available online
• Talk to your account manager
• The Reserve Bank:
  • Any merchant that is not PCI DSS compliant can potentially be prevented from processing card payments
What the banks say - Westpac
• Being compliant to the PCIDSS forms part of your merchant agreement
• Westpac will review your transaction count annually and should we require you to validate compliance as a Level 1, 2 or 3 merchant we will advise you accordingly.
• At all times, the Westpac PCIDSS Levels will take precedence over MasterCard and Visa levels for our merchants.
What the banks say - ANZ
• As a merchant, it is vital to protect your customers as well as your business against misuse of credit & debit account information. It is essential that you do not store prohibited cardholder data such as magnetic stripe data (track data) and Customer Verification Value (CVV) after a transaction is completed.
thankQ Processing
• To store credit card details or not?
• Options for storing them outside of your business:
  • Macquarie
  • SecurePay
• Remember the paperwork