What is PCI DSS?

Find out how to protect your customers' data

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.

When accepting card payments, each transaction involves sensitive cardholder information. To protect customers and your business from the increasing threat of card fraud and data breaches, all sensitive cardholder data must be processed, stored, and transmitted securely, in line with the latest version 4 of the PCI DSS standards.

When you start actively accepting card payments, Cashflows will register your details with our PCI Partner, VikingCloud. You will receive a welcome letter followed by your login credentials, via two separate emails. The welcome letter tells you what you need to do to start the compliance process.

It is mandatory to update and validate PCI compliance annually to confirm that the business is still compliant with the latest version 4 standards.

For more information, visit the PCI Security Standards website.

What is defined as ‘cardholder data’?

The PCI Security Standards Council (SSC) defines ‘cardholder data’ as the full Primary Account Number (PAN) or the full PAN along with any of the following elements:

  • Cardholder name
  • Expiration date
  • Security code

Sensitive Authentication Data, which must also be protected, includes full magnetic stripe data, CAV2, CVC2, CVV2, CID, PINs, PIN blocks and more.