In June, Surfboard Payments AB announced that the company had earned Payment Card Industry Data Security Standard (PCI DSS) compliance for its card processing environment. While this is a huge milestone for Surfboard Payments, some of you may be wondering why it’s so important to be PCI DSS compliant at all. Well, our Chief of Security Officer Neal Hindocha gives a full rundown on everything PCI DSS, and why it affects everyone within the payment chain.
The History Behind PCI DSS.
The Payment Card Industry Data Security Standards or PCI DSS is a set of rules and regulations for organizations that handle credit card information or payments. These regulations are standards that are mandated by prominent card brands like VISA, Mastercard, American Express, Discover, etc. but are enforced by the PCI Security Standards Council. Being compliant or following the rules of the internationally accepted standards that the council enforces applies to everyone within the payment chain. From merchants to payment processors, to even acquirers, everyone within the industry that can access card data must comply with PCI DSS to ensure data security.
“The goal is to ensure the security of card data, but from the point, it’s captured,” says Chief Security Officer, Neal Hindocha. “Whether it be a web-based checkout or someone tapping his or her card on a card terminal from the point of entry all the way to the card issuer.”
Having the certification of compliance from PCI DSS ensures that those within the payment chain are taking the necessary steps to protect the integrity of card data. It also ensures that there’s been a third party that has validated this entity to actually verify that they are doing what they say that they are doing, and by having PCI DSS compliance applied to the payment link or payment chain, the card holders can feel confident that their data is not going to be misused or intercepted by an unscrupulous third party.
Why should PCI Compliance matter to you?
Well, as previously stated everyone within the payment chain must be compliant, even merchants and business owners need to follow Payment Card Industry Data Security Standards. Now it might seem tedious but earning compliance for PCI DSS is an important step in becoming a trustworthy business. Following the steps to protect card data will ensure your future customers that their transactions are safe and secure. PCI DSS holds a few requirements in order to be considered compliant. These requirements are as followed:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Create a Vulnerability Management Program
- Implement Strong Acess Control Measures
- Consistently Monitor and Test Networks Regularly
- Develop an Information Security Policy
fter you have established these core elements in your business, the next step would be to prove compliance. Small and medium-sized merchants have the option of completing a self-assessment, but everyone else is required to go through a Quality Security Accessor or QSA. This means submitting evidence as proof of compliance for the QSA to gather and review. In addition, they will interview select personnel to ensure the whole company knows what processes to follow. Once completed they will create an RoC (Report of Compliance) and submit it to the PCI council together with an AoC (Attestation of Compliance). For Merchants that qualify for self-assessment, filling out a Self Assessment Questionnaire is required
Becoming compliant is a long drawn-out process, but luckily for those using Surfboard Payments products you don’t have to worry about all the necessary steps. In fact, if you are a merchant or company that uses Surfpay or Surpfay Connect your life just got a whole lot easier.
“Surfboard Payments does all the work for their merchants to be compliant,” says Neal Hindocha. “So they don’t have to do anything. They can just use our solutions and know that the acceptance point is secured from the terminal that they hold all the way back to the processing environment and further upstream.”
The company removes all of the hassles of becoming PCI DSS compliant on your own by providing a solution with all security that then fills in the appropriate SAQ requirements on the merchant’s behalf. It is just one of the many perks of being a user of Surfboard Payments’ products. Being able to download a payment terminal app like Surfpay or start using an in-store checkout program like Surfpay Connect and instantly be compliant removes all of the time and energy wasted.
Surfboard Payments feels proud to have accomplished becoming PCI DSS compliance as the company feels it can instill more confidence in its merchants and ensure smooth and safe transactions from start to finish. This newest achievement is the result of hard work that has always been dedicated to developing secure products.
“In many companies, security is seen as “something to get through.” We think of it as a way to be innovative,” says Neal Hindocha. “Providing secure solutions is the core of Surfboard Payments. It’s not just an afterthought, we want to make it ingrained in every part of our product so that we can be much more flexible. We can provide great products to the market and always know it’s compliant and secure.”