The deadline for the new PCI DSS requirements may have passed, but that doesn’t mean every business is compliant. If you’re not up to date with the latest PCI DSS, your systems may not be secure and your company could face fines. What happens to personal information when shopping online has become a growing concern for both sellers and buyers, so let’s take a closer look at PCI requirements and how to ensure your business is compliant.
So, what is PCI-DSS?
PCI-DSS, often shortened to PCI, stands for Payment Card Industry Data Security Standard. The standard applies to all Australian businesses that accept credit card payments. If your business accepts, processes or stores customer cardholder data, you need to make sure you are PCI compliant; the level of validation required depends on your turnover.
New PCI Changes & Who It Affects
The new data breach notification laws, which came into effect in February, make it compulsory for all Australian businesses to notify the Information Commissioner and all potentially affected clients if there has been a data breach. Businesses have a 30-day grace period to report the breach to the required parties. The laws apply to:
- All government agencies
- Organisations governed by the Privacy Act 1988
- Health service providers
- Credit reporting bodies
- Businesses that sell or purchase personal information
If your business turns over less than three million dollars, you are governed by state government legislation.
What Is A Data Breach?
If you suspect personal information has been stolen, lost or leaked, you need to report it. Personal information can include everything from contact details to tax file numbers.
Investing in an advanced payment system that is tier-one PCI-DSS compliant is the most effective way to ensure your business is protected from potential data breaches. If you need assistance with any aspect of your Ecommerce website in Nowra, including advanced payment systems, talk to Nowra Web Designer.