New payment card data security standards

The Payment Card Industry Security Standards Council (PCI SSC) has announced that retailers, banks and other companies involved in processing credit and debit card payments will be subject to a new set of data security standards from January 2014.

All businesses accepting credit and debit card payments must be compliant with Payment Card Industry Data Security Standards (PCI DSS).  The Information Commissioner has stated in the past that retailers that fail to store customer payment data in accordance with PCI DSS or provide equivalent protection when processing customers’ credit card details could be held to be in breach of the Data Protection Act 1998 and be subject to fines.  The standards set out 12 requirements for any business that stores, processes or transmits payment cardholder data and specify the framework for a secure payments environment.

Although the new standards become effective from January 2014, some aspects will initially be treated as “best practice” recommendations to give businesses adequate time to make the transition, and the old framework will remain active until 31 December 2014.

A link to the press release from the PCI SSC can be accessed here.
