Using standards to protect your business from online fraud and scams

British Standards contain the combined knowledge of experienced UK subject experts often working together with their international colleagues in an open, consensus-based process.

You can read a description of these standards and some other relevant publications that are available from BSI or other organizations below:

| Standard number/name | Description/Benefits | Published by |
| --- | --- | --- |
| BS ISO/IEC 27032 Guidelines for cybersecurity | BS ISO/IEC 27032 has a section on identifying and preventing social engineering attacks. Otherwise, published information security standards do not help a lot. | BSI |
| PCI-DSS standard | If you accept payment cards, all major payment processors insist that you comply with the PCI-DSS standard from the PCI Security Standards Council. This provides you with some guarantee that you will receive payment, but card issuers retain the right to later make chargebacks if the transaction is disputed. Your bank should be able to provide you with guidance on minimizing the risk of chargebacks. | PCI Security Standards Council |
| Cyber security and fraud: the impact on small businesses | Worth reading instead is a recent report produced by the Federation of Small Businesses called Cyber security and fraud: the impact on small businesses. | Federation of Small Businesses |
| Get Safe Online guidance | You will also find useful advice on the Get Safe Online website, which has a page specifically addressing business fraud, as well as specialist pages on topics such as online payments. Action Fraud also has useful advice for small businesses on fraud prevention. | Get Safe Online |