Q: I’m a small merchant who has limited payment card transaction volume. Do I need to be compliant with PCI DSS? 
A: All merchants, whether small or large, need to be PCI compliant. The payment brands have collectively adopted PCI DSS as the requirement for organizations that process, store or transmit payment cardholder data. PCI SSC is responsible for managing the security standards, while each individual payment brand is responsible for managing and enforcing compliance with these standards.

Q: What are the deadlines for complying with PCI DSS?
A: Compliance is mandated by the payment card brands and not by the PCI Security Standards Council. However, for most merchants, the deadlines for validating compliance with the PCI DSS have already passed. You should check with your acquirer and/or merchant bank to find out whether any specific deadlines apply to you, based on merchant transaction volume (level) as determined by the card payment brands. All entities that transmit, process or store payment card data must be compliant with PCI DSS.

Q: Why is there a fee associated with this?
A: The amount of work involved and the cost associated with verifying the SAQ allow the processor to charge a small fee. Many processors are charging up to $150.00 annually.
 
Indyhost.Net is a registered ISO in association with First National Bank of Omaha, Omaha, Nebraska.
© Copyright 2009. Indyhost.net.  All rights reserved.

 
 