Improving Payment Card Security and PCI DSS Compliance
The Payment Card Industry (a forum including American Express, JCB, MasterCard and Visa) sets very high standards of data security for anyone handling details of customers' credit and debit cards, and the standards only get more stringent with each new release of PCI DSS.
Arguably, this is as it should be, since this is highly sensitive information and the fines for data loss are punitive. The requirements on the IT infrastructure of the typical SME, however, are onerous, and the general advice is that it is better to avoid any interaction with your customers' card details. This applies not only to storing them but also to implementing systems so that they do not pass through your hands at all.
This is referred to in PCI terminology as taking your systems out of scope.
This has been standard behaviour for many years on axis vMerchant websites built by axisfirst, where the Payment Service Provider captures the card details on your behalf. This has still left a challenge for those businesses taking card payments over the phone.
We are now pleased to announce a range of options and modules for axis diplomat 2016 to help you reduce or eliminate any direct involvement with your customers' card details.
Implementing a mix of these options may allow you to take your entire network out of scope whilst still allowing you to take card payments away from your website's checkout.