What compliance and security does your iGaming payment system need?
An important part of setting up the payment system for your iGaming platform is making sure that it is compliant with industry security standards.

Any vendors that transact online, including online gambling platforms, need to make sure they stay within the necessary compliance regulations of the Payment Card Industry (PCI).

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard that applies to organisations that handle credit and debit card payments from the major card schemes. These include businesses that handle transactions from Visa, MasterCard and American Express, amongst many others across Europe.

PCI compliance means sticking to a set of security standards that have been developed to protect card information during and after a financial transaction. The security standards are essential for payment gateway processors to keep their customers' data and money safe. As an iGaming operator you'll need to stick to these standards, provided you're in one of the 53 participating countries - which include all EU countries.

Which businesses need to be PCI compliant?

If your business accepts card payments, or wants to start accepting them, you need to be PCI compliant, no matter how big or small your business is.

After you've signed up with your payment gateway, you'll have two months from this date to prove that you are compliant, otherwise you may face a fine.

What does PCI DSS cover?

PCI DSS covers secure data transmission, secure data storage, intrusion detection, access to private information, and methods for collecting sensitive information. PCI compliant companies also undergo periodic auditing to ensure that their standards of compliance are being met.

You should also note that all employees who handle cardholder data need to have an awareness of the necessary levels of compliance and security.

Levels of PCI Compliance

There are four different levels of PCI compliance, and each has its own specific requirements. The level that you need to adhere to will depend on the number of card transactions you process:

  • Level 1 – Your business processes over 6 million transactions each year.

  • Level 2 – Your business processes 1 million to 6 million transactions each year.

  • Level 3 – Your business processes 20,000 to 1 million transactions each year.

  • Level 4 – Your business processes fewer than 20,000 transactions each year.

PCI Compliance checklist

To become compliant, you'll need to meet a number of security requirements, which are sometimes called a PCI checklist. You may not need to comply with all of them, because they depend on the type and volume of transactions you plan on processing.

Here are the 12 possible requirements that you need to meet in order to become fully compliant:

1. Install and maintain a firewall configuration to protect cardholder data.

2. Don't use vendor-supplied defaults for system passwords and other security parameters.

3. Protect stored cardholder data.

4. Encrypt transmission of cardholder data across open, public networks.

5. Protect all systems against malware and regularly update antivirus software or programs.

6. Develop and maintain secure systems and applications.

7. Restrict access to cardholder data to those with a business 'need to know'.

8. Identify and authenticate access to system components.

9. Restrict physical access to cardholder data.

10. Track and monitor all access to network resources and cardholder data.

11. Regularly test security systems and processes.

12. Maintain an information security policy that addresses information security for all personnel.

How can you get your PCI DSS certification?

If you are looking to make sure that your business is PCI compliant, you will need to fill out an online PCI Self-Assessment Questionnaire (also known as an SAQ). The questionnaire will identify the possible risks of your payment portal. This questionnaire needs to be completed every 12 months for you to stay legally compliant.

For more advice about the required security and compliance systems for your iGaming payment portal, get in touch with a member of the RedLab Gaming team today and book a free consultation.