Help understanding PCI compliance?

MrINeedOfHelp
Posts: 88 Forumite


Hello all,
I know it's probably not the most common type of work-related query that comes up in this place, but this forum has proved rather useful of late.
Basically I am part of a colleague focus meeting, where a few people get to have a meeting with the bigwigs about certain things we felt were being dealt with poorly etc...
Now one subject that has come up recently is internet access and compliance around PCI guidelines.
I have worked in previous jobs where they are so focused on being compliant that internet is completely shut down and all there is is work emails and whatever web-based admin systems we used at the time, plus there was no pen and paper allowed at our desk to reduce the risk further of being able to copy sensitive customer details, ranging from name and address to bank details etc etc.
However, since my current workplace, after years of allowing internet surfing at your desk, has become focused on being more compliant, it has meant that those days are gone and all that is left is strictly work-related sites and emails. This has led many on the floor to complain that their work has become less enjoyable and usual stuff, but IMO they fail to really understand what this is all about; they are all taking it personally, as if this is some form of punishment and that they are all being treated like children and being treated unfairly.
What I am hoping to achieve from here is finding someone who could help clear up what it means to be PCI and why a company is best served by being so, that this restriction is not a personal attack on staff but more a company decision which makes customers' details that little more secure and stops the company from being fined for failing to be up to date with certain guidelines.
In all honesty they think it is bad now, I am waiting for them to remove the notepads we use at the moment and then people out on the floor will really moan and groan, but it is really for the better and I want to try and make them understand why the company is doing this.
So is there anyone out there that might help clear up how PCI compliance works at all?
Comments
-
PCI DSS concerns storage of credit card information.
Any company that processes credit or debit card transactions must be PCI DSS compliant. If they are not then a) they are opening themselves up to a large financial risk and b) their processing bank will very soon refuse to process any transactions. PCI DSS is a standard that ensures credit card information is handled securely. Part of it is to do with online transactions, but it also covers manual handling of such data, the most common form of which is processing transactions that are taken over the phone.
If people processing credit card information have access to the open internet then there is a risk of the credit card data escaping were someone to input it to a website, or Email it outside the company. The standard does not dictate how an organisation should operate. That is up to the management. Blocking all access to such websites is perhaps a bit over the top, but it really depends how far your employer has decided to go to minimise that risk.
-
When companies suddenly realise that they may be facing stiff penalties for non-compliance they often have something of an overreaction in the immediate aftermath. A few years ago we had a huge panic about Sarbanes Oxley and overnight removed swathes of access from staff. As a result many of us found it very difficult if not impossible to do vital parts of our jobs.
The best you can hope for in such a case is that after a period of reflection and a better understanding of exactly what is required that some of the restrictions will be rolled back or alternatives put in place that will make life a bit easier.
-
It does sound an OTT reaction.
I work for a PLC and we are obsessed about PCI etc, but equally we are not prevented from most websites, including Facebook (which we use a lot for business purposes too).
They are quite refreshing actually. My husband has never handled a credit card in the course of his job in his life, and everything internet is locked down where he works.
This discussion has been closed.