Taking the pain out of PCI: DSS

Published 28th November 2008

STANDFIRST:
Retailers are faced with the costly and time-consuming issue of complying with PCI: DSS regulations. Rohit Patni, EVP Sales and Marketing at YESpay, argues that outsourcing to a global payments services provider could save both time and money.

COPY:
The Payment Card Industry Data Security Standard (PCI: DSS) has been introduced in a bid to secure cardholder data. PCI secures cardholder data that is stored, processed or transmitted by merchants and processors. The standard specifies 12 requirements for security, technology and business processes, and reflects most of the usual best practices for securing sensitive information.

If organisations choose to ignore meeting the requirements of PCI: DSS they will ultimately pay the penalty. Failure to comply is likely to result in hefty fines, along with the potential of increased fraud. The harsh reality is that the onus is on retailers to comply with the legislation and it is the retailers who face the cost of non compliance – not their suppliers.

The process to compliance can be an arduous and drawn out process. Retailers have to build and maintain a secure network, which protects cardholder data. Companies need to track and monitor all access to network resources and cardholder data and regularly test security systems and processes. Most importantly, the business needs to maintain a policy that addresses information security.

This leaves retailers with a choice. They can either manage the process of PCI: DSS in-house or they can outsource to a payment services provider.

If retailers choose to keep compliance in-house they may face high costs and issues that could be avoided. There are costs associated in securing stored cardholder data and also in monitoring systems containing the data. Organisations must also bear in mind security management costs, such as transmitting the cardholder information. Retailers must also consider the ‘time to compliance’ which can take much longer when they are not in the hands of an expert.

Often the handling of financial data can be haphazard at best and putting bad processes right will take time. Also the high demand for IT resources means the salaries of compliance and security experts are high. However, if a retailer chooses to work with a payment services provider which already has PCI experience and pre-compliance, these problems are eradicated.

This is even more crucial at a time when the economy is unstable. It is important that retailers are able to concentrate on what they are good at – selling and marketing their goods to consumers, not concerning themselves with technical issues that add no value to the bottom line.

However, there is an alternative for retailers who don’t want to go through time consuming PCI accreditation themselves. Many businesses have taken the decision to outsource their PCI accreditation to a specialist payment services provider who can offer a fully PCI compliant service. By doing this retailers will avoid full PCI audits and acquirer certification. This means that a retailer faces significantly reduced compliance costs to secure cardholder data.

Outsourcing also eliminates costs and security problems associated with running in-house systems. If a retailer decides to outsource services they will see a much shorter time to compliance. Overall compliance costs can be reduced by as much as 65% in some cases and retailers need not worry about maintaining a policy that addresses information security as it is in the hands of the payment services provider.

The incentive for working with an outsourced payment services provider who can manage the whole process for you is a simple one – companies reduce costs to a minimum and protect their long term business plans. By putting compliance demands under the tutelage of an expert it safeguards both a retailer’s business and its customer data, which gives businesses the time to concentrate on the day-to-day business.


YESpay profile:

YESpay is a global payments services company providing highly secure and scalable EMV Chip & PIN, contactless and magnetic credit / debit card, e-commerce and gift card payment processing services to independent and multi-chain merchants. It provides outsourced management payment services anywhere in the world to traditional high street stores, hospitality, leisure, fuel, mail order and web environments.

Through EMBOSS™, its Gateway to Managed Payment Services, merchants can quickly accept integrated card payments within their EPOS tills, kiosks, and hospitality payment systems as well as enhance their websites for on-line payments with minimal capital investment and low on-going services costs. EMBOSS is an on-line IP-based payment processing service that has been pre-accredited (generically) by major card Acquirers in Europe and North America (including Barclaycard Business, HSBC, HBOS, Lloyds Cardnet, Streamline, Ulster Bank, Elavon, PBS, Amex and Diners). In addition, YESpay’s EMBOSS service is fully end to end certified to Payment Card Industry Data Security Standards (PCI DSS) Level 1 as mandated by Visa and MasterCard.

YESpay’s EasyV-Suite of card payment products are innovative and cost-effective solutions for EPOS, Kiosk, Hospitality, Mobile and Internet Websites that combine with the YESpay hosted EMBOSS payment service to enable their merchants to perform credit or debit card payments in both card-present and card-not-present environments.

For more information please visit: www.yes-pay.com