RMS Logo

RMS - Retail Solutions that Work for You

Scan this QR code to visit the RMS web-site


Retailers are frequently asking RMS the question – “What does a small-to-medium sized business have to do in order to satisfy the PCI DSS requirements?”

It is such a frequently asked question because most retailers understand that if they lose credit/debit card data through a data breach and they are not PCI DSS compliant, then they are likely to incur Card Scheme fines for the loss of this data and may be liable for the fraud losses incurred against these cards and the operational costs associated with replacing the accounts.

In addition it’s likely that their customers may also not want to do further business with them.

Because these consequences can be huge, we decided to ask this important question, and others, to BC Technologies LLP who provide PCIDSS compliance expertise to businesses in a range of sectors. Their role is to take the distraction of IT technology away from a retailer's business so that the retailer can concentrate on achieving business targets. We spoke with John Orr and the following is a summary of our conversation.

Q. PCIDSS – what is it?

A. Most retailers who take card payments, whether through rented or owned terminals, will be aware of the Payment Card Industry Data Security Standard, or PCIDSS for short. The objective of PCIDSS is to reduce fraud and the theft of sensitive data by tightening up the procedures that surround the use of cards and the transaction process. When card fraud occurs any subsequent investigation will focus on this.

Q. How does it work?

A. Compliance with PCIDSS is undertaken by self-certification. The retailer is required to fill out an online questionnaire which is designed to probe into those aspects of its IT network and card handling processes that could be vulnerable to data theft and fraud. If the processes are good and the retailer understands the questions then they will pass the compliance test. This means their risk of fraud and data theft is managed to an acceptable level. Through the questionnaire they will become aware of the need to manage and document the processes involved when their business takes a card payment. Because card fraud and data security take place in a technical environment the questionnaire is both complex and jargon-laden.
If a retailer's answers fall short then their business is found to be non-compliant. At that point they need to address the non-compliance issues.

Q. What does non-compliance mean for a retail business?

A. Put simply it means that some aspect of their card payment set up is not as secure as it could be and that they are vulnerable to fraud and data theft. Non-compliance has to be rectified and they may be liable to fines and possibly even termination of their card payment service.

Q. Who is responsible?

A. The retailer is! The questionnaire has to be signed off by a senior manager in the company. The sign off binds them to quarterly review and annual recertification.

Q. Is this just an Annual Commitment?

A. Yes and No – The sign off includes an undertaking to keep compliance under review every three months in addition to the annual questionnaire.

Q. Scope – this term pops up, what does this mean?

A. In order to deal with the assessment the retailer needs to consider the various points that are touched by their payment system, i.e. the Scope. Does the card reader share the Wi-Fi that is offered to customers? Is the reader in any way linked to other computers or devices in the business’ network? If the retailer operates on-line, how do they organise the storage of transaction data? Is the website secure? Who amongst the retailer's staff has access to any transaction related data? Have the staff been vetted and trained in card payment and anti-fraud procedures? All these touch points fall within the scope of the payment system and the PCIDSS questionnaire.

Q. Is it possible to reduce the Scope for an easier and more secure life?

A. Bear in mind that in order to manage the card payment process the retailer needs to have a written policy to cover each touch point. If they have a policy then they need to document how they review that policy. So not only do they reduce their risks but they reduce their workload if they can keep their scope narrow.
Many retailers will use payment systems which run through on-line portals or chip and pin systems. The PCIDSS will perform tests on a retailer's website to determine security. The retailer would be responsible for checking that their card machine is not tampered with or stolen. At the other extreme there are businesses taking card details by phone. The opportunities for fraud when card details are taken by phone are immense. Are details written down? By whom? Are the staff trained and vetted? Where and how is that data stored? Who has access to it? Is it securely destroyed?
These simple questions will all require a process and policy. Just like Health and Safety the retailer needs to have a policy, procedures and a log to demonstrate that their PCIDSS compliance is reviewed and updated. You can see that defining Scope is critical both to security and to the resources required to achieve compliance.

Q. How can a small retailer easily deal with PCIDSS compliance?

A. The system exists to reduce the risk of fraud, and delaying or ignoring compliance is simply extending risk. The time and effort involved in dealing with PCIDSS can be burdensome and given the consequences of fraudulent activity it makes sense to outsource the know-how to achieve initial compliance. When a retailer starts in the right place they can then take on the ongoing reviews from a position of knowledge.

Q. Where can a small retailer get other PCIDSS compliance questions answered?

A. Two sources: 1. Give us a call at BC Technologies LLP – 01369 706656, or 2. On the PCI ComplianceGuide.org website.


You can Freephone RMS today on 0800 138 0050 or complete our on-line enquiry form to speak with one of our dedicated team. Either way, we look forward to helping you with the EPoS needs of your growing business.

You can also follow RMS on Social Media for all the latest information on the benefits, features and great deals on EPoS Hardware.

What to consider when choosing a Receipt Printer for your business



One of the most important components of an electronic point of sale (EPoS) system in your business is the receipt printer.

Retail shops and leisure facilities use them to print the legally required credit card slips and customer receipts. They are also used by restaurants to print off orders in the kitchen or at the bar.

There are three main options of receipt printers – Thermal printers (the most popular), Dot matrix printers, and Inkjet printers. Read on to find out which type could suit you best…

Here’s how retailers can quickly cut through today’s technological hardware puzzle and communicate with their customers


ADSL, VoIP, SIP, LAN, WAN, BABT, FTP, ISDN, BYOD, Wireless, Cloud-managed, IP Office, Multi-channel, Bandwidth, Mind-boggling!

Today we are operating in a fast moving environment where new forms of communication are playing a big role in the world of retail.

For many independent retailers needing to effectively communicate with customers, all the acronyms and phrases surrounding today’s technology can be extremely puzzling, and that’s before the actual hardware required is considered!

It is a sign of strength in an individual to recognise when you are not good at something and bring someone in who is. We all know that we should employ the right people to perform in areas where we do not feel comfortable or have the necessary expertise to do the best possible job.

But, most independent businesses don’t have the budget for such a position.

Fortunately, that’s where BT Local Business can help you.

We spoke recently with David Hodge, Managing Director of BT Local Business Edinburgh & South Scotland, about how his company helps retailers cut through the technological jargon and hardware to ensure they are equipped correctly to communicate effectively with the public.

The following are the insights David provided in response to our questions…

Are you managing your retail stock the hard way?





The hard way of managing your retail stock normally costs you in time and effort, produces frustration and errors, often involves rework and unnecessary conflict, and generally gives you poor results.

Does this sound like the situation within your retail business? Yes? Then ask yourself, as an intelligent person with an abundance of common sense who is building a business to generate a good lifestyle for you and your family, why consciously decide to jeopardise the realisation of your lifestyle goals by managing your retail stock the hard way?

Well, sometimes it may have come about due to circumstances at a previous stage of the business’s development which prevented you from planning effectively or assessing the quality of the way in which you were going to manage your retail stock.

There are several other reasons, but fortunately there is a far easier and more effective way to manage your retail stock and overcome them.

In this Blog we examine the easier and more effective way of managing your retail stock to ensure you are not a prisoner to your business…