PCI-DSS and Employee Background Check
For RiskReduct, PCI DSS compliance is not just about protecting credit card information but also about ensuring that all sensitive data, including personal and financial information collected during background checks, is securely handled. The same principles that protect payment card data can be applied to secure other types of sensitive information.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary standard designed to ensure the security of organisations that handle branded credit cards from major schemes such as Visa, MasterCard, American Express and Discover. According to Requirement 12.7 of the PCI DSS, organisations must conduct background checks on any potential employee who will have access to cardholder data or the cardholder data environment. While not mandatory, background checks are also recommended for employees who access only a single card number at a time during transactions, such as cashiers and sales assistants in shops and supermarkets.
The background check required by PCI DSS comprises the following elements:
- Identity Verification: Confirm the person's identity through official documents.
- 3 Years' Employment History: Verify previous employment details for accuracy and identify any gaps.
- Basic Criminal Record Check: Conduct a criminal record check to identify any relevant convictions.
- Right to Work: Ensure the individual has the legal right to work in the UK.
- Financial Checks: For some roles, particularly those involving financial responsibilities, check financial history to assess any potential risk.