PCI Resource Center
Universal Compliance
The Payment Card Industry Data Security Standard (PCI DSS), developed by the payment brands of the PCI Security Standards Council, was created to help businesses proactively defend customer data. Any organization that processes, transmits, or stores payment card data must meet PCI DSS. Beyond non-compliance fines and losing the ability to process payment cards, organizations that fall victim to security breaches can face litigation fees, lost revenue, and incalculable damage to their brand. PCI compliance is a complex task, best approached with guidance and expertise from an experienced managed security company.
Who is required to maintain compliance?
| SAQ Validation Type | Description | SAQ: V1.2 |
| --- | --- | --- |
| 1 | Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants. | |
| 2 | Imprint-only merchants with no electronic cardholder data storage | |
| 3 | Stand-alone terminal merchants, no electronic cardholder data storage | |
| 4 | Merchants with POS systems connected to the Internet, no electronic cardholder data storage | |
| 5 | All other merchants (not included in Types 1-4 above) and all service providers defined by a payment brand as eligible to complete an SAQ. | |
Importance of Compliance
Failure to maintain compliance can result in:
- Significant fines
- Higher processing fees
- Removal of ability to process credit cards
- Litigation fees
- Negative press
- Loss of peace-of-mind from customers