PCI Compliance

Make sure your cardholder data is secure with PCI compliance.

Avoid non-compliance penalties and build consumer confidence

Customers worry about credit card fraud. This survey by Nuapay found that 58% of consumers say security is their biggest worry when making payments online. And it seems their anxiety isn’t unfounded – one in 10 UK consumers claim to have been a victim of unauthorised card payments.

But you can do your bit to ensure your customers feel their card data is safe and secure, and that’s by being PCI compliant. Your business will be subject to fees if it’s found not to be compliant, and putting your customers’ data at risk is unnecessary.

Read more about PCI compliance below.

  • What is PCI compliance?
  • Does my business have to be PCI compliant?
  • What happens if your business doesn’t comply?
  • How can my business become PCI compliant?
  • Is PCI DSS compliance mandatory in the UK?
  • What are the different levels of PCI DSS compliance?

What is PCI compliance?

PCI DSS stands for Payment Card Industry Data Security Standard. It was introduced in 2004 by the major credit card companies to help prevent payment card fraud. The standard ensures your business handles card data in the most secure way possible. It doesn’t just protect your customers’ data; it protects your business.

Customers want to feel secure when they make a payment, and by being PCI compliant, you’re building a trustworthy relationship with each of your customers from the very beginning.

Does my business have to be PCI compliant?

If you store card payment data, your business should be PCI compliant, but it isn’t a legal requirement. The Payment Card Industry Data Security Standard (PCI DSS) applies to all companies regardless of size. It’s simple; if you process card transactions, you should be PCI compliant.

Being compliant means every business follows the same protocols for storing, transferring and processing card data; it’s an industry standard, and one that customers have come to expect.

What happens if your business doesn’t comply?

If your business fails to comply with the PCI requirements and you have a data breach, your payment acquirer can charge you more on your monthly payments. You’ll have to pay out for any fraud losses and foot the bill for reissuing payment cards.

Aside from the cost of non-compliance, it can damage your reputation with customers. Loss of confidence in your business can mean fewer sales and custom – people could lose their jobs, or your business could close.

Don’t put your business in jeopardy; it’s not worth risking non-compliance.

How can my business become PCI compliant?

To become PCI compliant, you first need to fill out a questionnaire called the PCI DSS Self-Assessment Questionnaire – also known as SAQ. The questionnaire is a checklist created by the PCI Security Standards Council and enables merchants to self-validate their PCI DSS compliance.

There are four levels of PCI compliance; the size and type of your business will determine which level applies to you. But there’s no getting around the fact that PCI compliance is costly: you can pay from £60 per month for level 4, all the way up to (and past) £50,000 for level 1.

Maintaining compliance can also be an intricate process, but if you work with a merchant service provider, their solutions will usually take care of PCI compliance for you, or at the very least, guide you through the process. Their hardware includes end-to-end encryption already, which means sensitive customer information is secure.

Is PCI DSS compliance mandatory in the UK?

It is a requirement that every UK business that accepts, stores or processes credit card information must be PCI DSS compliant. It is there to help protect you and your customers. Failure to comply may leave your business vulnerable to data breaches, which can lead to large fines and damage your reputation, resulting in lost trade.

What are the different levels of PCI DSS Compliance?

There are four levels of PCI DSS compliance. The number of card transactions you process each year will determine the level your business needs to comply with. Here are the four different levels:

  • Level 1: Merchants that handle over 6 million card transactions per year
  • Level 2: Merchants that handle 1 to 6 million transactions per year
  • Level 3: Merchants that handle 20,000 to 1 million transactions per year
  • Level 4: Merchants that handle fewer than 20,000 transactions per year