PCI DSS Certification for Online Transaction Safety


PCI DSS Certification

Gain a great competitive advantage in transaction safety for your business by acquiring the PCI DSS Certification.


What is PCI DSS

The PCI DSS (Payment Card Industry Data Security Standard) is an international security standard, created by Visa, MasterCard and other international institutions. The certification defines the security specifications for all enterprises and organizations that accept, process, save or transmit card data.

Card Data Security

The main goal of PCI DSS certification is to strengthen the security of the card data handled by your e-shop.

The certification’s specifications concern:

  • The payment process
  • IT and software
  • Anything else involved in processing, saving and transmitting card data.

Why is it important to be PCI DSS compliant

Being PCI DSS compliant is crucial for your enterprise because it helps you:

  • Security: Secure your customers’ personal data
  • Avoid economic impact: Decrease the chance of fraudulent transactions and of penalties that may be imposed by Visa and MasterCard
  • Increase sales: Online buying research indicates that e-shop safety is important for consumers. Customers seem to trust PCI DSS compliant e-shops more than non-compliant ones.

What is the impact of not being PCI DSS compliant

In case of a security breach, you may face:

  • Economic impact: Penalties imposed by Visa and MasterCard
  • Incapacity of card acceptance: You may no longer be able to accept card payments at your physical store as well
  • Sales drop: Due to a lack of trust, potential customers will purchase from competing e-shops
  • Compliance cost: Your enterprise may be marked as high risk among acquirer banks and payment institutions, which is going to complicate your business decisions in the corporate world.

How to become certified

The certification process

To ease the certification process, Piraeus Bank, in cooperation with Trustwave (a cybersecurity service provider with global presence), provides you with access to the Trustwave portal, through which you will answer the self-assessment questionnaire (depending on your sector, card acceptance method and number of transactions) and acquire the PCI certification.

Any enterprise or organization that completes card transactions should be PCI DSS compliant. Being PCI compliant will help your business avoid security breaches by improving your internal processes. Facts show that enterprises that are PCI compliant are less likely to be targeted by hackers.

If you would like to acquire access to the self-assessment portal, you can contact us at 210 38 98 954 from a landline or mobile, or send an email to pcisupport@pds.gr.

Piraeus Bank is PCI DSS certified

Piraeus Bank has been PCI DSS compliant since 2011 and is the first bank in Greece and the Balkans to have been certified. The bank invests in online transaction security, and this can assist your enterprise as well in the certification process.


FAQs

What is PCI-DSS certification?

PCI DSS (Payment Card Industry Data Security Standard) is an international security standard addressed to all businesses and organizations that accept, process, store or transmit payment card data.


Do I need to be certified?

If you manage card data, acquiring the certification is necessary to determine the security specifications according to which your business must operate.


I want to acquire PCI certification, what should I do?

To acquire certification according to PCI-DSS standards, you may visit any store of Piraeus Bank, contact us at 210 38 98 954 or send an e-mail to pcisupport@pds.gr.


For how long is the certification valid?

The certification is valid for one year. If you have conducted a Vulnerability Scan, you must repeat it every 3 months, without being required to complete the Self-Assessment Questionnaire (SAQ) again. In any case, you will receive an informational e-mail reminding you that you must conduct a Vulnerability Scan.


My certification has expired, do I have to follow the procedure from the beginning?

Shortly before the expiry of the certification, you will receive an informational e-mail from the certification provider company with which you cooperate, which will guide you to the platform in order to follow the required steps.


Do all businesses regardless of activity and method of operation answer the same questionnaire?

There are different questionnaires depending on the characteristics and method of operation of each business. You can find more information about them on the official site of the PCI Council (https://www.pcisecuritystandards.org).