EFT/400 and the Payment Card Industry Data Security standard (PCIDSS)

May 2007

The press has recently been full of stories about the Payment Card Industry Data Security Standard (PCIDSS), and coverage grew dramatically when a major retailer had the card details of millions of its customers stolen.

At the end of June 2007, the Payment Card Industry Security Standards Council, a consortium of major card payment scheme brands, including Amex, MasterCard and Visa, will impose the Payment Card Industry Data Security Standard (PCIDSS) for credit card payment merchants. It aims to improve the security of consumers’ card details.

Whilst nothing to panic about, there are clear security guidelines with unclear audit standards and undefined penalties for non-compliance. The implications are clear though – all merchants are expected to follow this standard or be prepared for the consequences should fraud be detected and PCIDSS not be in place. This is rather like the introduction of chip and PIN: there was no compulsion, but there were penalties (with chip and PIN they took the form of increased charges) for not introducing it. While non-compliance penalties also vary among the major credit card networks, they can be substantial. Participating companies can be barred from processing credit card transactions, higher processing fees can be applied, and in the event of a serious security breach, fines of up to £500,000 can be levied for each instance of non-compliance.

So, as a user of EFT/400, what can you do to reduce the threat to your business? By following the standard and implementing the new Encryption module available to users of EFT/400, you can help protect your business.

For further information on PCIDSS, use the following link: Payment Card Industry Data Security Standards Link