Merchants of any size accepting credit cards must be in compliance with PCI Security Council standards

What Is PCI-DSS Compliance?

The Payment Card Industry Data Security Standard (PCI-DSS or PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.

The Payment Card Industry Security Standards Council (PCI-SSC) was formed by Visa, MasterCard, American Express, JCB and Discover. It launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards, with a focus on improving payment account security throughout the transaction process.

To be compliant today, your payment service provider needs to adhere to version 3.2 of the PCI standard, which was introduced in April 2016. Level 1 covers merchants processing over 6 million Visa transactions annually across all channels, or global merchants identified as Level 1 by any Visa region.

Key IVR are PCI-DSS Level 1, version 3.2 compliant; this is the highest level of certification for PCI payments.

What Is Defined as ‘Cardholder Data’?

The PCI Security Standards Council (SSC) defines ‘cardholder data’ as the full Primary Account Number (PAN) or the full PAN along with any of the following elements:

  • Cardholder name
  • Expiration date
  • Service code

Sensitive Authentication Data, which must also be protected, includes full magnetic stripe data, CAV2, CVC2, CVV2, CID, PINs, PIN blocks and more.

What Are the Penalties for Non-compliance?

Not meeting your compliance requirements could mean you are banned from accepting cards and/or charged increased fees to process cards. Moreover, fines ranging from £3,000 to £60,000, depending on your bank’s merchant account agreement, may also be levied.

PCI-DSS Levels

Level 1
A merchant processing over 6m VISA and MasterCard transactions p/a

Level 2
A merchant processing between 1m and 6m VISA and MasterCard transactions p/a

Level 3
A merchant processing between 20k and 1m VISA and MasterCard transactions p/a

Level 4
A merchant processing fewer than 20k VISA and MasterCard transactions p/a


What Are My Company's Obligations?

  • Internal or external systems audit
  • Security scans
  • Statement of compliance

How Can I Become PCI-DSS Compliant?

Work with a partner, like Key IVR, to help assess your systems and provide your customers with a secure solution that is compliant with the highest level of PCI-DSS.

Contact us on 01302 513 000 or email sales@keyivr.co.uk

Key IVR are a privately owned business offering automated payment services in the UK and internationally through Europe and into the United States. We are a customer-service focused organisation and take care to manage and meet our clients' expectations.

