Sales 01256 592150
Support 01256 592160
info@hotality.co.uk

If your business takes credit card payments, the requirement to be PCI compliant applies to you.

There is a great deal of confusion around what is required to become PCI compliant; however, the list of requirements is actually quite straightforward. Many businesses we speak with are confident that they meet all of the requirements, but in reality this is rarely the case. PCI compliance is often seen as an IT matter, which is only partly true: it applies to many aspects of business process, including physical ones such as writing credit card numbers on guest registration cards or recording telephone calls to your reservations team while they take card payments over the phone. PCI applies at every touch point and guest interaction involving the processing of payment transactions, whether via e-commerce and web booking engines or cardholder-not-present transactions such as deposit payments or no shows.

The penalties for being the source of credit card fraud can be very costly indeed: you may be given a 90-day window to bring everything up to standard or forfeit your merchant status, removing your ability to take credit card payments.

The Twelve Commandments of PCI Compliance

  • Install and maintain a firewall configuration to protect cardholder data.
  • Change vendor-supplied defaults for system passwords.
  • Protect stored cardholder data.
  • Encrypt transmission of cardholder data across open, public networks.
  • Maintain a vulnerability management program.
  • Develop and maintain secure systems and applications.
  • Restrict access to cardholder data by business need-to-know.
  • Assign a unique ID to each person with computer access.
  • Restrict physical access to cardholder data.
  • Track and monitor all access to network resources and cardholder data.
  • Regularly test security systems and processes.
  • Maintain a policy that addresses information security.
Tokenisation and integrated payment solutions

Tokenisation is a technology that can significantly reduce your business risk around the storage of cardholder data, and therefore the scope of your PCI obligations.

With tokenisation, as you take a payment from a customer the card data never sits on your systems: it is sent off to your payment processor, who stores the information on your behalf and returns a secure transaction token that references the transaction but contains no client card data or personal information itself. You still have the ability to charge the card on file, because the transaction reference allows the payment processor to look up the payment card details it holds and make the charge to the card.
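As an added illustration (not code from this page or from any particular payment processor), a minimal Python model of the flow just described: the processor's vault holds the card, the merchant keeps only the token and the last four digits, and a later card-on-file charge is made by token alone. All class and function names are hypothetical and the card number is a constructed test value.

```python
import secrets
from dataclasses import dataclass

# Hypothetical payment processor: keeps the real card data in its own vault and
# hands the merchant an opaque token. In practice this side lives at the processor.
class ProcessorVault:
    def __init__(self):
        self._vault = {}  # token -> full card data; never leaves the processor

    def tokenise(self, pan, expiry):
        # The token is random, not derived from the PAN, so it reveals nothing about it.
        token = "tok_" + secrets.token_urlsafe(16)
        self._vault[token] = {"pan": pan, "expiry": expiry}
        return {"token": token, "last4": pan[-4:]}

    def charge(self, token, amount):
        card = self._vault.get(token)
        if card is None:
            return {"ok": False, "reason": "unknown token"}
        return {"ok": True, "amount": amount, "last4": card["pan"][-4:]}

# Hypothetical merchant side (e.g. a hotel property system): stores only what the
# processor returns, so a compromise of this record does not expose the card number.
@dataclass
class Reservation:
    guest: str
    card_token: str = ""
    card_last4: str = ""

class Merchant:
    def __init__(self, processor):
        self.processor = processor
        self.reservations = {}

    def take_card_for_reservation(self, guest, pan, expiry):
        result = self.processor.tokenise(pan, expiry)
        # Only the token and masked digits are persisted; the PAN is dropped here.
        self.reservations[guest] = Reservation(guest, result["token"], result["last4"])
        return self.reservations[guest]

    def charge_no_show(self, guest, amount):
        # Card-on-file charge without the merchant ever handling the PAN again.
        return self.processor.charge(self.reservations[guest].card_token, amount)

def stored_record_contains_pan(merchant, pan):
    # Scope check: does any merchant-side record hold the full card number?
    return any(pan in str(r) for r in merchant.reservations.values())
```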

A payment gateway also brings the wider benefits of an integrated payment solution: easier reconciliation of credit card payments and the ability to close cheques within your POS system as soon as the payment has completed are just some of the advantages of implementing an integrated payment system.

We work with a number of the leading payment processors and can assist with the implementation of a tokenised payment solution and payment gateway.

We can help navigate your business through to PCI compliance, or work with you to identify and implement a tokenised payment solution for your business that will take your IT systems out of scope for PCI.

Need help with PCI compliance or payment solutions?
