Frequently asked questions

It’s a list of requirements for every business taking card payments created by the five major international card schemes (Visa, Mastercard, Discover, American Express and JCB). It's mandatory – every business that takes card payments needs to meet it. By being compliant with PCI DSS, you’ll have protection from data breaches. The aim is to ensure cardholder data has the best possible protection from fraud. If you do not meet the deadline to become complaint you could incur non-compliance charges. 

Of course. Just call our Data Security Manager (DSM) help desk on 0800 015 9518 (+353 151 35150 for Ireland) and they’ll make sure you have all you need. Lines are open Monday – Friday from 8am to 8pm, and from 9am to 12 noon on Saturdays.

It’s here – barclaycarddatasecuritymanager.co.uk Just follow the instructions once you’ve logged in. There’s also a live chat facility if you need further help.

You’ll still need to let us know, by uploading your documentation onto the DSM portal.

Log in at barclaycarddatasecuritymanager.co.uk where you’ll find more details of what you need to tell us.

DSM isn’t a team – it’s an online portal. You need to comply with PCI DSS as part of your Merchant Agreement. We’ve set up Barclaycard Data Security Manager (DSM) to make this process quick and easy for you. If you are using Payment Security Service (PSS) then you will still need to use DSM to complete your self-assessment.

Please bear in mind that if you use an alternative Qualified Security Assessor (QSA), you’ll still need to log in to the portal to upload your QSA certified documentation to confirm your compliance. If you’re currently enrolled with Security Metrics, you won’t have to do this as they report your compliance status to us on a daily basis.

If your card reader works through the internet an external vulnerability scan is required to make sure your network is secure. We do this on our side for you – we just need you to let us know your IP address. 

If you’ve tried ‘Reset my password’ and you still can’t log on, call our Data Security Manager (DSM) help desk on 0800 015 9518 (+353 151 35150 for Ireland) and they’ll help you out. Lines are open Monday – Friday from 8am to 8pm, and from 9am to 12 noon on Saturdays.

If you’ve completed the tasks but haven’t provided confirmation to us, these will show as incomplete. You’ll need to provide confirmation when each task is completed. To do this, log into barclaycarddatasecuritymanager.co.uk

Once you’re logged in, you’ll find the list of tasks under the heading ‘Task Centre’, in the order of priority that they need completing. Each one will have an explanation as to what you need to do and by when. Tasks marked [TBA] are overdue. If you don’t complete overdue tasks, this will affect the security of your customers’ payment card data – and your PCI DSS compliance status.

Log in at barclaycarddatasecuritymanager.co.uk. Click on ‘Upload your SAQ and attestation documents’. You can then browse to select the document from your computer or simply drag and drop. Once uploaded, you’ll be prompted to confirm your attestation.

You can put things right by either sending us a secure message via Barclaycard Business online servicing or by calling 0800 161 5343. Lines are open Monday – Friday from 9am to 5pm.

You’ve been automatically enrolled onto DSM so that you can attest your PCI DSS compliance. The DSM fee is £4.80 per month, per level at which you attest your compliance¹. If you’re using a third-party provider, you’ll need to check with them that you’re still compliant. Once they confirm this, you’ll then need to upload your Attestation of Compliance (AoC) to the portal.

Proactive Security Service (PSS) is our fully managed PCI DSS compliance service. Once you are migrated onto PSS or if you have chosen to use this service, our dedicated team will call you and guide you through the whole self-assessment process to make sure you get this right. It takes away the hassle and concern about doing all this yourself – saving you valuable time that could be better spent on your business.

It costs £15 + VAT per month, per outlet². You can opt out of this service, but you must use DSM or a third-party provider to attain PCI DSS compliance.

For details, call our PSS team on 0330 058 3940. Lines are open Monday – Friday from 8am to 8pm, and from 9am to 12 noon on Saturdays.

Call our Data Security Manager (DSM) help desk on 0800 015 9518 (+353 151 35150 for Ireland). Lines are open Monday – Friday from 8am to 8pm, and from 9am to 12 noon on Saturdays.

Sorry, but if the service is provided by another company, we can’t say what fees you’d pay. However, we will still charge you £4.80 per month per level at which you attest your compliance. This is so you can upload your documentation.

PCI DSS v4.0 replaces v3.2.1 to address emerging threats and technologies, and let innovative methods combat new threats.

If you’re compliant to v3.2.1 by 16 January 2024, you’ll only need to attest to v4.0 on your next annual re-attestation date.

You can read about the differences here.

There are no new SAQs but there have been changes to some requirements and new ones added, which may impact your self-assessment.

After 16 January 2024, you’ll need to re-profile your business and complete the SAQ v4.0 when reattesting your annual compliance on our Data Security Manager (DSM) portal.

No, you’ll need to log into the Data Security Manager (DSM) desktop version the first time you validate to v4.0.

You’ll become non-compliant with the PCI DSS and may be putting your business and customers card data at risk to a data breach.

Yes, you can attest to the new version if you’re uploading your compliance before March 2024.

We’re currently working to assess and carry out the migration plan from PCI DSS v3.2.1 to PCI DSS v4.0 for all of our gateways.

If your gateway (for example, Smartpay Advance, Checkout and Fuse) is with Barclaycard, please contact your account manager for more information.