PCI Compliance is all about ensuring a high standard of payment card data protection. But what standards do companies need to meet in order to achieve compliance and what does it mean for their customers?
For companies handling customer transactions, payment card data security should be of the utmost importance. By disclosing their details, customers place a great deal of trust in the business they are buying from to store that information securely. Put simply, compliance with the Payment Card Industry Data Security Standard (PCI DSS) demonstrates a company's ability to process, transmit, store and protect cardholder data.
A Continuous Process
PCI compliance is an ongoing process for a business and involves a three-step plan of action. Companies must first assess their current setup: locating customer data, evaluating their business processes for payment card processing and identifying any weaknesses that could put data at risk of theft. The second step is to remediate, which means fixing any vulnerabilities found and making sure that cardholder data is stored only where it is needed. The final stage is reporting back to the banks and card brands the company does business with. For larger businesses, qualified assessors will visit on site to determine whether or not they are PCI compliant.
Meeting the Standard
There are many steps that can be taken to ensure compliance with the PCI DSS. Amongst these are installing an appropriate firewall configuration to shield stored data, regularly updating anti-virus software, restricting access to data on a need-to-know basis, penetration testing of security systems and assigning a unique ID to every individual in the company who has computer access.
UKFast and PCI Compliance
UKFast is a PCI Level 1 Service Provider, and we have just been reassessed and passed the compliance requirements for yet another year. This is our third year of Level 1 Service Provider status, which we're very pleased with!
It's in our culture to go the extra mile at UKFast, and we've applied this to all areas, including our PCI compliance. How? Well, most hosting providers only have their data centres in scope for compliance. This means that, at most, they cover Requirement 9, which is to restrict physical access to cardholder data, and Requirement 12, which is to maintain a policy that addresses information security.
UKFast has in scope not only all of its data centres but also its office in City Tower, the new UKFast Campus in Hulme and the entire UKFast Support infrastructure. In addition, our colocation clients are hosted within a PCI DSS compliant facility, which is something not all providers offer.
What does this mean?
It means that, as a company, we have broader coverage of the PCI requirements and experience in managing and maintaining a PCI environment, which we can offer as a service to any clients who require PCI compliant hosting.