Your selected question
Barclaycard say they want to help me, but when I ask technical questions about PCI DSS all they do is refer me to a QSA?
We at Barclaycard are not allowed by the Card Schemes and the PCI Security Standards Council to give technical advice on how to fulfill the requirements of the standard. For example, we cannot give advice on how to protect data and what storage options to use, only accredited organisations can provide this.
However, the standard applies equally to manual processing and storage of cardholder information as well as to electronic methods of storage. Even if the merchant hasn't got a presence on the internet and does not process or store cardholder data electronically, they may be storing cardholder information (e.g. card receipt from terminals, emails received which have cardholder details in them) in a way the standard does not allow.
We have an established programme ‘Barclaycard Data Security Manager’ a programme which helps make it easier for smaller merchants to meet their PCI DSS requirements without having to use a third party assessor. The online service provides the tools needed to achieve, record and maintain compliance with the PCI DSS.
How useful did you find the answer given?Not at all Very useful