Introducing PCI compliance

Since March, online traffic and transactions have grown dramatically as a result of the change in consumption habits caused by the Covid-19 outbreak. That growth has also fuelled attacks and fraud attempts, including data breaches.

When it comes to e-commerce, any unauthorized or illegal use of card data affects the entire payment ecosystem, with consequences for consumers, companies and financial institutions. Trust is broken, credibility is at stake, and everyone loses. So security matters: it is the sine qua non for customers to trust brands with their payment card information. A set of solutions and procedures exist to protect payment systems, including risk analysis, anti-fraud control programs, security standards and PCI compliance.

Altogether, they assure good, trustworthy shopping experiences.

Deciphering PCI DSS: what is it and why you must comply

PCI DSS is the acronym for Payment Card Industry Data Security Standard. It is a set of technical and operational requirements for every entity that stores, processes or transmits cardholder data, which includes any business that accepts payment cards. Companion standards from the same body cover the developers of payment applications and the manufacturers of the devices used in those transactions.

PCI DSS is maintained by the PCI Security Standards Council (PCI SSC), founded in 2006, «a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide». All entities that store, process or transmit cardholder data are required to maintain payment security by complying with PCI DSS, and compliance must be validated every year by submitting the official documents (a Self-Assessment Questionnaire or a Report on Compliance, together with an Attestation of Compliance).

Therefore, as a merchant, you must ensure that your point-of-sale systems, payment card storage, online payment applications and shopping carts are secure. So, what do companies need to do to become PCI compliant?

How to become compliant with PCI DSS

First, understand that the purpose of PCI DSS is to prevent data breaches and the theft of cardholder details. The Council's standards are grouped according to the payment ecosystem stakeholder they address:

  • PCI DSS – PCI Data Security Standard: addressed to all entities that accept and process payment cards. It covers the technical and operational system components included in or connected to the cardholder data environment.
  • PCI PTS – PCI PIN Transaction Security: addressed to device manufacturers. It covers the characteristics and management of devices used to protect cardholder PINs and for other payment processing activities.
  • PA-DSS – Payment Application Data Security Standard: addressed to software vendors and others who develop payment applications that store, process or transmit cardholder data and/or sensitive authentication data as part of authorization or settlement, when those applications are sold, distributed or licensed to third parties.
  • PCI P2PE – Point-to-Point Encryption: addressed to P2PE solution providers. It is a cross-functional program that results in validated solutions incorporating several of the Council's other security standards.
Source: PCI Security Standards Council

Considering the list above, each company has to implement the requirements applicable to its business and fill in the validation documents. For most merchants that is a Self-Assessment Questionnaire (SAQ) plus an Attestation of Compliance. Which SAQ applies depends on how card data is handled: SAQ A is the shortest and applies only to merchants that fully outsource all cardholder data functions to PCI DSS compliant third parties and never store, process or transmit cardholder data on their own systems; merchants that handle card data themselves must use one of the longer SAQs.

To sum up, these are the steps merchants need to do to become compliant with PCI DSS:

  • Map the flow of cardholder data
  • Scope the company’s environment
  • Assess the environment against the applicable requirements
  • Remediate any gaps found
  • Fill out the applicable Self-Assessment Questionnaire (SAQ)
  • Submit the documents (SAQ and Attestation of Compliance)
  • Set up regular monitoring
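As an added example of the first two steps, mapping where cardholder data flows and scoping the environment, here is a small PAN discovery scanner. It is illustration code written for this article, not BoaCompra's tooling or anything published by the PCI SSC. It matches runs of 13 to 19 digits (optionally separated by spaces or hyphens), keeps only those that pass the Luhn check digit, and reports and redacts them in the masked form PCI DSS allows for display (first six and last four digits). The log lines are constructed for the example and use the well-known public test card numbers, not real cards.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or hyphens,
# not preceded or followed by another digit (so long hashes or IDs do not match).
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample log (not from a real system). The card numbers are public
# test PANs such as 4111 1111 1111 1111; the last line has a wrong check digit.
SAMPLE_LOG = """\
2020-06-01T10:00:01Z checkout order=1001 card=4111111111111111 amount=59.90
2020-06-01T10:00:02Z checkout order=1002 card=4111-1111-1111-1111 amount=12.00
2020-06-01T10:00:03Z session id=1234567890123456 user=alice
2020-06-01T10:00:04Z checkout order=1003 card=378282246310005 amount=80.00
2020-06-01T10:00:05Z checkout order=1004 card=4111111111111112 amount=15.50
"""


def luhn_ok(digits: str) -> bool:
    """Luhn check digit validation (ISO/IEC 7812), used by all major card brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep at most the first six and last four digits (the PCI DSS display rule)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass
class Finding:
    line_no: int
    masked_pan: str


def scan(text: str) -> list[Finding]:
    """Find Luhn-valid PANs in text. Only masked values are returned, so the
    scanner's own output does not become one more place where card data is stored."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):
                findings.append(Finding(line_no, mask_pan(digits)))
    return findings


def redact(text: str) -> str:
    """Replace every Luhn-valid PAN in text with its masked form; other digit runs stay."""
    def _mask(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group())
        return mask_pan(digits) if luhn_ok(digits) else m.group()
    return PAN_CANDIDATE.sub(_mask, text)


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.masked_pan}")
    print(redact(SAMPLE_LOG))
```

Run it over application logs, database exports and crash dumps. Any hit means that system handles cardholder data and is therefore in scope, and a merchant with such hits cannot use the fully outsourced SAQ A. Luhn validation removes most false positives (the session id above fails it), but it is only a heuristic: brand prefix ranges and manual review still apply, and the scan itself has to run under the same access controls as the data it inspects.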

BoaCompra complies with PCI DSS

As payment solution experts and providers, BoaCompra has been validated as PCI DSS compliant. In addition to more than 15 years of expertise in helping companies grow by giving them access to local payment methods, we help merchants implement security solutions and procedures such as PCI DSS. Partnering with BoaCompra and becoming PCI compliant means:

  • Improving customer relationships
  • Preventing data breaches
  • Addressing security and meeting global standards
  • Sustaining your business