PCI DSS information security policy
This PCI DSS Information Security Policy explains how The Live Karaoke Band uses the Worldpay Payment Links+ service to handle online credit card payments.
The Live Karaoke Band Limited
Version: 1.0
Date: 15 June 2026
Business: The Live Karaoke Band Limited, trading as The Live Karaoke Band
Company number: 16678543
Registered office: The Ivy House, 1 Folly Lane, Petersfield, Hampshire, England, GU31 4AU
Website: https://livekaraokeband.co.uk
Email: info@livekaraokeband.co.uk
1. Purpose of this policy
This policy explains how The Live Karaoke Band Limited protects payment-related information when accepting card payments from customers.
The Live Karaoke Band Limited uses Worldpay Payment Links+ to accept occasional ad hoc card payments, such as booking deposits, balance payments, additional services, and other payments connected to agreed quotes, invoices, or event bookings.
The business does not operate its own card payment gateway, does not process card transactions through its own website, and does not store full card details.
2. Scope
This policy applies to:
- The owner/director of The Live Karaoke Band Limited
- Any person authorised to assist with payment administration
- Devices used to create, send, or manage Worldpay payment links
- Email, website, invoice, and customer communication systems used in connection with payments
- Any customer payment information received by the business
This policy does not cover Worldpay’s own payment processing environment, which is managed by Worldpay.
3. Card payment method
Card payments are accepted using Worldpay Payment Links+.
Customers are sent a payment link for a specific agreed payment. The customer enters their card details directly into Worldpay’s hosted payment environment.
The Live Karaoke Band Limited does not collect, view, store, or process full card numbers, card security codes, magnetic stripe data, chip data, or PIN data.
4. Cardholder data
The Live Karaoke Band Limited does not intentionally store cardholder data.
The business must not record, request, or retain:
- Full card numbers
- Card security codes, including CVV, CVC, CVV2, or CID
- PIN numbers
- Magnetic stripe data
- Chip data
- Card details sent by email, text message, messaging apps, or written notes
If a customer accidentally sends card details by email, text message, or another communication channel, the information should not be used. The customer should be asked to use the secure Worldpay payment link instead. The message containing card details should be deleted as soon as reasonably possible.
5. Access control
Access to Worldpay, email, website administration, accounting systems, and other payment-related systems must be restricted to authorised users only.
Where available, accounts must use:
- Strong passwords
- Multi-factor authentication
- Unique login details for each service
- Access only where needed for legitimate business purposes
Passwords must not be shared with customers, suppliers, band members, or unauthorised third parties.
6. Device security
Devices used to manage payment links or payment-related administration should be kept secure.
Reasonable security measures include:
- Keeping operating systems, browsers, and security software up to date
- Using password, PIN, fingerprint, or face recognition access where available
- Locking devices when not in use
- Avoiding payment administration on public or untrusted devices
- Avoiding public Wi-Fi for payment administration unless a trusted secure connection is used
- Taking reasonable care to prevent loss, theft, or unauthorised access
7. Email and customer communication
The Live Karaoke Band Limited may use email to send payment links, invoices, booking confirmations, and payment reminders.
Payment links should only be sent in connection with genuine agreed payments, such as:
- Booking deposits
- Balance payments
- Additional agreed services
- Event-related charges
- Corrected or replacement invoices
- Other ad hoc payments agreed with the customer
Emails containing payment links should clearly identify the payment purpose where possible.
Customers should not be asked to send card details by email, text message, WhatsApp, social media message, or any other insecure channel.
8. Website security
The Live Karaoke Band website may provide payment information or direct customers to make a payment through Worldpay.
The website must not collect or store full card details.
Reasonable steps should be taken to keep the website secure, including:
- Keeping the website platform, modules, plugins, and themes up to date
- Using HTTPS
- Restricting administrator access
- Using strong passwords and multi-factor authentication where available
- Removing unused accounts, plugins, modules, or services where appropriate
9. Third-party providers
The Live Karaoke Band Limited relies on trusted third-party providers for services such as card payment processing, website hosting, email, accounting, and business administration.
Worldpay is used as the card payment provider. Card details are entered into Worldpay’s hosted payment environment and are not handled directly by The Live Karaoke Band Limited.
Where payment-related third-party services are used, the business will take reasonable steps to use reputable providers appropriate for the service being supplied.
10. Refunds
Where a refund is due, it should normally be made back to the original payment method where possible.
Refunds and cancellations are governed by the applicable quote, invoice, booking confirmation, contract, or written agreement issued for the event or service.
11. Paper records
The Live Karaoke Band Limited does not intentionally keep paper records containing cardholder data.
If cardholder data is accidentally written down or printed, it must not be used and should be securely destroyed as soon as reasonably possible.
12. Incident response
If The Live Karaoke Band Limited becomes aware of a suspected payment security issue, such as unauthorised account access, a lost device, accidental receipt of card details, or suspected misuse of a payment link, the business will take appropriate action.
This may include:
- Changing relevant passwords
- Revoking access to affected systems
- Contacting Worldpay
- Contacting affected customers where appropriate
- Deleting cardholder data received in error
- Reviewing how the incident occurred
- Taking steps to reduce the risk of recurrence
13. Staff and contractor responsibilities
The Live Karaoke Band Limited is a small owner-managed business. Any person assisting with administration, bookings, accounts, website work, or customer communication must follow this policy when handling payment-related information.
Anyone acting on behalf of the business must not request, store, or process customer card details directly.
14. Policy review
This policy will be reviewed at least annually, or sooner if there is a significant change to the way The Live Karaoke Band Limited accepts card payments.
Examples of changes that may require a policy review include:
- Changing payment provider
- Adding card payment forms directly to the website
- Taking payments by phone
- Using card terminals
- Allowing additional people to manage payments
- Introducing new systems that affect payment processing
15. Summary
The Live Karaoke Band Limited accepts occasional card payments using Worldpay Payment Links+.
Customers enter their card details directly into Worldpay’s secure hosted payment environment. The Live Karaoke Band Limited does not store full card details and does not operate its own card-processing system.
The business will take reasonable and proportionate steps to protect payment-related information, use secure systems, restrict access, and respond promptly to any suspected payment security issue.