Skip to main navigation Skip to main content

Complying with the latest industry security standards will help safeguard your customers and your business against theft and fraud.

Protecting your business and your customers

The Payment Card Industry Data Security Standard (PCI DSS) is a set of mandatory requirements designed to safeguard cardholder data. PCI DSS compliance is mandatory for any business that processes card transactions.

We are pleased to announce the launch of our PCI DSS short report to give insights on complex payment regulations.

Download The business benefits of PCI DSS short report

At Lloyds Bank Cardnet, we’re here to help you make sure your business is compliant.

To complement the short report you can also view our short video.

Benefits of PCI DSS compliance

What does PCI DSS mean for my business?

Being PCI DSS compliant means demonstrating that your business is handling cardholder data safely and securely.

You can keep only the essentials needed for your business such as name, account number or expiry date, provided these are stored in a compliant way.

You can’t store the following information:

  • Information stored in the magnetic stripe
  • The three-digit number signature strip used for mail/telephone orders or online transactions

The 12 requirements of PCI DSS

PCI DSS compliance is based on 12 requirements. The specific requirements that apply to your business depend on how you process credit cards.


PCI DSS Requirements

Build and maintain a secure network

  1. Install and maintain a firewall configuration to protect data
  2. Do not use default passwords for system and other security programs

Protect Cardholder Data

  1. Protect stored cardholder data
  2. Encrypt transmission of cardholder data and sensitive information across open public networks

Maintain a vulnerability management program

  1. Use and regularly update anti-virus software
  2. Develop and maintain secure systems and applications

Implement strong access control measures

  1. Restrict access to cardholder data to employees on a need-to-know basis
  2. Assign a unique ID to each person with computer access
  3. Restrict physical access to cardholder data

Regularly monitor and test networks

  1. Track and monitor all access to network resources and cardholder data
  2. Regularly test security systems and processes

Maintain an information security policy

  1. Maintain a policy that addresses information security within your business

To help you better understand these requirements, we have a dedicated PCI DSS help line you can call on 0330 8080798 (9am to 5pm Monday to Friday).

How do I become compliant?

We write to all Cardnet SME merchants when they join us to explain their PCI DSS reporting options and how to use the Cardnet merchant PCI portal.

The Cardnet merchant PCI portal offers a range of services and options to assist merchants with reporting, attaining and maintaining their compliance with PCI DSS, including a dedicated PCI Helpdesk and online chat facility.

Merchants may choose to self-upload their compliance documents to the Cardnet PCI portal at no charge, or opt for our assisted or proactive data security services.

How and when should I renew my compliance?

You need to renew your PCI DSS compliance each year. This is to reflect possible changes to your processes or card acceptance equipment, and changes in the Standard itself as it adapts to new security threats or market requirements. Usually, PCI DSS compliance is far easier in subsequent years and won’t take as long to complete.

How to renew PCI DSS compliance

How can Lloyds Bank Cardnet help?

We have a dedicated team to help you become and stay compliant, and to certify your compliance.

Call on 0330 8080798 (9am to 5pm Monday to Friday) if you have any questions regarding PCI DSS.

What are the charges for non-compliance?

If your business is processing card payments and you’re not yet compliant with PCI DSS, you are likely to be paying a monthly PCI DSS non-compliance charge. Your card acceptance services and machines could also be revoked.

Consequences of not being compliant

What if my business works with third parties?

If you have third parties involved in processing or storing card transaction data on your behalf, you need to ensure that they are compliant. Third parties can include software providers, payment service providers, web hosting companies, EPOS and till vendors, to name just a few.

Here's what you'll need to do:

Need more information about PCI DSS or security?

Or call our dedicated PCI DSS help line with any questions on 0330 8080798 (9am to 5pm Monday to Friday).

  • Self Assessment Questionnaire (SAQ) — A form that takes merchants through the steps of evaluating their PCI DSS compliance. There are different versions of the SAQ, depending on the type of business and the amount of card payments it accepts per year.
  • Quality Security Assessor (QSA) — A person who is certified by the Payment Card Industry Security Standards Council to formally assess businesses for PCI DSS compliance.