Credit Cards

PCI DSS

You may have read about the biggest fraud ever against every credit card company, which resulted in sentences in the USA for the few they were able to catch. Basically, the fraudsters hacked into retail computers and implanted a program which phoned home with customers' credit card details. These were then used for a huge number of small-value dummy transactions, evading controls for a long time. The most famous victim was TK Maxx.

The card companies have taken a massive hit on this and are now introducing new standards known as PCI DSS. All retailers accepting cards will have to comply or will effectively be liable for losses which result. (In the case of the above scam, the details obtained from your practice might be used to hit the patient up to his credit limit more than once, so the losses are potentially huge!)

The new standards are stringent for most, but only if you store card data. If, like most practices, you have a stand-alone terminal which uses the phone, not the internet, this is simple. Security companies, approved by the banks, have sensed a money-making opportunity and are offering surveys and accreditation, but this has proved expensive in the USA, where it has been rolled out over the past 12 months.

Stuart Allan Money Saving Tip of the Month!

Go to www.pcisecuritystandards.org and download the self-assessment questionnaire, fill it in and send it to your bank. It may be that your bank will offer a free service, as they are being pressured to do by the Department of Trade, so do check. Barclays Merchant Services are promoting an American (paid-for) service with Datametrics Inc.