An important part of setting up the payment system for your iGaming platform is making sure that it is compliant with industry security standards.
Any vendors that transact online, including online gambling platforms, need to make sure they stay within the necessary compliance regulations of the Payment Card Industry (PCI).
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard that applies to organisations that handle credit and debit card payments from the major card schemes. These include businesses that handle transactions from Visa, MasterCard and American Express, amongst many others across Europe.
PCI compliance means sticking to a set of security standards that have been developed to protect card information during and after a financial transaction. The security standards are essential for payment gateway processors to keep their customers' data and money safe. As an iGaming operator, you'll need to stick to these standards, provided you're in one of the 53 participating countries, which include all EU countries.
Which businesses need to be PCI compliant?
If your business accepts card payments, or wants to start accepting them, you need to be PCI compliant, no matter how big or small your business is.
After you've signed up with your payment gateway, you'll have two months from this date to prove that you are compliant, otherwise you may face a fine.
What does PCI DSS cover?
PCI DSS covers secure data transmission, secure data storage, intrusion detection, access to private information, and methods for collecting sensitive information. PCI-compliant companies also undergo periodic auditing to ensure that their standards of compliance are being met.
You should also note that all employees who handle cardholder data need to have an awareness of the necessary levels of compliance and security.
Levels of PCI Compliance
There are four different levels of PCI compliance, and each has its own specific requirements. The level that you need to adhere to will depend on the number of card transactions you process:
- Level 1 – Your business processes over 6 million transactions each year.
- Level 2 – Your business processes 1 million to 6 million transactions each year.
- Level 3 – Your business processes 20,000 to 1 million transactions each year.
- Level 4 – Your business processes fewer than 20,000 transactions each year.