PCI Compliance

What is PCI?

The Payment Card Industry (PCI) Data Security Standard details security requirements for members, merchants and service providers that store, process or transmit cardholder data. To demonstrate compliance with the PCI Data Security Standard, merchants and service providers may be required to validate and conduct a network security scan on a regular basis as defined by the PCI Security Standards Council.

The cost to develop and deploy the software to be PCI compliant is only partly defrayed by passing some of the fees to merchants by way of an annual fee.

I didn't sign any documents agreeing to be compliant

The PCI standard forms part of the operating regulations, which are the rules under which merchants are allowed to operate merchant accounts. The agreement you sign when you open a merchant account at the bank states that the VISA regulations have to be adhered to. Even if you have been in business for decades, PCI still applies if you store, process or transmit credit card data.

Who has to be compliant?

If you are a merchant or service provider and accept credit cards you must validate PCI compliance at least annually. There is no way around this. Network security scans are required of all merchants and service providers with external-facing IP addresses that collect, process or transmit payment account information. However, even if an entity does not offer Web-based transactions, there may be other services that make its systems Internet accessible. Basic functions such as email and employee Internet access may result in the Internet accessibility of a company's network. These seemingly insignificant paths to and from the Internet can provide unprotected pathways into merchant and service provider systems and can potentially expose cardholder data if not properly controlled.

I'm a small merchant who only takes a handful of cards. Do I need to be compliant?

A common misunderstanding of the standard is that small merchants handling only a few credit cards a day are exempt from compliance. If you are a merchant and are set up to take credit cards by any mechanism, then you need to be compliant.

Additional Links

PCI Quick Reference Guide

Compliance validation details for merchants (Visa)

Site Data Protection Program (MasterCard)

What To Do if Compromised (Visa)

About the PCI Data Security Standard

Data Breaches: What the Underground World of "Carding" Reveals

PCI Data Storage Do's and Don'ts

Payment Card Industry Security Standards
