PCI Compliance

We are PCI DSS Level 1 Compliant. This means that we have been audited and certified by a third party, confirming that we are fully compliant with the standards set out by the Payment Card Industry Security Standards Council.

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organisations that handle, store or transmit payment card information. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud.

This commitment to PCI Compliance gives our clients the peace of mind to be confident that their tenants and customer card data is safe and in line with international standards of security. We have a separate and secure environment from which payments are received and made. This environment is tested on an ongoing basis to ensure it is impenetrable from attack and risk is managed continuously.

What are the potential risks of not being compliant?

Apart from the reputational and organisational damage that could be caused by a potential breach of PCI compliance, there are some real financial penalties that can be passed onto an organisation should there be a case of fraud uncovered; leading back to the housing association. The fine from the payment brands are discretionary in value; non-compliance will result in card scheme fines being passed onto you, monthly non-compliance fines, and/or termination of your card processing facilities. The costs involved after a data security breach can be extremely high.

If it is found that compromise occurred due to non-compliance, an organisation would be fined – £10,000+ (source: The UK Card Association).