Certification made easy
Credit card acceptance points must verify their PCI DSS compliance (compliance with all PCI DSS requirements) via certification. Our service: We bear the cost of the annual self-assessment on a certification portal for B+S customers.
Confidence in a maximum level of security is the most important consideration for any consumer paying by credit card. As companies offering credit card payments to their customers, retailers are responsible for ensuring that credit card data is handled securely and responsibly. This is where B+S supports you.
Benefits for retailers and buyers
- Protect cards and customer data against theft
- Optimise protection against attacks on your own website
- Protect the reputation of your company
- Fight online identity manipulation, such as the abusive use of e-mail and web addresses
What is the PCI DSS standard?
A globally binding standard has been defined by the credit card organisations: the Payment Card Industry Data Security Standard (PCI DSS). It is designed to protect your business and your customers' data against theft and credit card criminals.
Compliance with the requirements arising from the standard (PCI DSS compliance) is obligatory and governed by the Terms and Conditions. At the same time, the rules require evidence of PCI DSS compliance to be provided.
Compliance with international security standards helps retailers to prevent the criminal use of payment data. This builds trust and improves protection against the financial burden of fines due to a breach of rules or damage claims.
How can security according to PCI DSS be achieved?
Regardless of the company's own turnover amount or sector, points of acceptance prevent data from falling into the wrong hands by observing the following PCI requirements:
- Installation and regular updates of a firewall configuration to protect data
- No use of values predefined by the supplier or manufacturer for system passwords and other security parameters
- Protection of stored data: Do not store card and transaction data unnecessarily, such as the complete card number, data from the magnetic strip, card verification codes (CVV2) or PIN
- Encrypted transmission of cardholder data and sensitive information on open networks
- Use and regular updates of recognised anti-virus software
- Development and use of secure systems and applications
- Restriction of data access - exclusively for business purposes
- Allocation of a personal ID to each person with computer access
- Restriction of access permissions associated with sensitive cardholder data
- Traceability and monitoring of all access to network resources and cardholder data
- Regular review of security systems and processes
- Corporate policy that governs information security
How does B+S help with providing evidence of PCI DSS compliance?
An annual self-assessment is required in addition to the twelve PCI rules to be observed by all retailers who accept credit cards. To help you complete this self-assessment conveniently, B+S has set up an online portal and a specially trained Competence Centre, which provides a support service for you as our customer.
B+S Card Service cooperates with Germany's leading service provider in this field, usd AG, to provide PCI DSS certification support. Our customers can also book any required vulnerability assessments and security audits at special rates, to be performed on site by an auditor approved by the PCI Security Standards Council.
Download and more information
Have you received your login details for self-assessment in a letter? Then you will be able to complete the process in just a few steps for free online.