Coping with compliance: a retailer’s guide to PCI

By Patrick Juan, Director, Solutions Consultants, Ingenico Enterprise Retail

Every day retailers are faced with new regulations – and acronyms – to get their heads round. As tricky as these seem at first, they’re crucial to creating a safe and seamless business environment for merchants and consumers alike. As such, it’s important to get a better understanding of exactly what they entail. One industry body sets the standard for regulations for the payments industry, the Payment Card Industry Security Standard Council (PCI SSC). However it can be somewhat of a minefield for retailers, so let’s take a look at exactly what PCI is, and other FAQs on the topic.

What is PCI?

In a nutshell, PCI defines a compliance framework for security that merchants must comply with, in order to be allowed to take card payments in their physical and digital stores. Without this compliance, retailers may struggle to find an acquirer to partner with, and may also be fined by card schemes indirectly through the acquirers. The total value of card transactions they process determines the level of compliance needed.

As with most regulations when it comes to non-compliance, there can be hefty monetary implications, both in the form of fines and extra costs when processing card payments. In fact, if a retailer suffers a data breach and they’re not PCI compliant, they may be liable to especially large fines – we have seen some of the UK’s biggest retailers be slapped with fines reaching the £10 million mark and above.

What are the main PCI need-to-knows for merchants?

Merchants should be aware that there are two primary standards of PCI – PCI PIN Transaction Security (PCI PTS) for payment terminals, and PCI Data Security Standard (PCI DSS) for payment gateways in-store and online. This distinction is important to understand as the PCI compliance you need will depend on your retail system.

Additionally, merchants will need to think about how they manage their payments assets. For example, it’s important not to manage sensitive data such as the card number or CV2 numbers. In order to do this, they should think about employing a PCI Point to Point Encryption (P2PE) solution. P2PE means that the card data is encrypted at source on the PIN pad and stays encrypted until it reaches a PCI DSS environment, usually a PCI DSS compliant gateway. By using a compliant PCI P2PE solution, the merchant PCI compliance burden is significantly reduced.

It may sound complicated but there’s no need to panic – there are experts available to help businesses through the process and answer any queries they may have.

How can retailers ensure compliance?

The PCI standards update every three years, and compliance must be kept in check and reported on every year. Large businesses will need to work alongside specialist consultants called Qualified Security Assessors (QSAs) who ensure that merchants uphold the 290 requirements defined by the PCI Council. To uphold the requirements, retailers can put certain measures in place, such as network scans, penetration tests and staff training, while ensuring their payment devices are also managed properly.

How can Ingenico Enterprise Retail help?

Ingenico Enterprise Retail payment gateways, both in-store and online, have upheld the highest level of PCI DSS for many years. Our in-store payment gateway was one of the first to be fully PCI P2PE compliant. So, when a retailer uses an Ingenico P2PE solution, the burden reduces from meeting over 290 requirements to filling in a short self-assessment questionnaire under the direction of a QSA.

Retailers can also benefit from Ingenico CRM tokens, which protect consumers’ sensitive details while still allowing the business access to other important data. This enables merchants to track and understand their customers behaviours, both online and in-store without handling any sensitive data..

To learn more about PCI or to find out how your company can benefit from the same assurances, visit

Comments are closed.

    Inspired Lighting Skyscraper – Nov 19
    Recolight right-hand skyscraper April 20
    Perspex right-hand skyscraper March 21
  • A1 Retail Twitter

  • Search