PCI, and how to demonstrate due-diligence.

17 Sep PCI, and how to demonstrate due-diligence.

For many organisations cyber security is an abstract concept that ranks low on the IT department priority list behind the necessary daily tasks of keeping the business running. Whilst PCI compliance is not a legal requirement in the UK, it might as well be; without which you leave yourself liable to huge financial penalties in the event of a data breach.

Most e-commerce websites will use an external secure payment service firm such as Worldpay, Sagepay or PayPal for handling their payment card transactions. This simplifies certain aspects of payment card handling, but for PCI compliance, all touch points where card details may be communicated or transmitted need to be reviewed. This will touch IT systems at OS, Db, and application levels. PCI Compliance requirements can also require changes to current business processes (e.g. the cessation of staff practices such as the recording of details on paper, and changes to telephone systems – including telephonic recording systems). Most firms will find that they may need to adopt new technology and alter working practices in order to achieve PCI compliance.

For further information please see our website: