PCI Self Assessment - Frequently Asked Questions About PCI

All small to medium sized business can complete the PCI Self Assessment Questionnaire unless they process more than a million cards a year.

The Payment Card Industry Security Standards Council, comprised of American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. have recently updated their global policies to protect cardholder data. As a result of increased credit card fraud, the Security Standards Council has modernized the standards in an effort to obstruct and prevent further theft of personal information. The new PCI requirements are strictly enforced by the payment card brands to all merchants who transmit, store, or process credit card information.

The individual payment brands, (Visa, American Express, Discover, JCB, and MasterCard), all have their own consequences for non-compliance. See question 8 for more details. Taking the time to become compliant and remaining vigilant about securing cardholder information from theft will not only protect your company in case of a security breach, but will also build trust in your customers. Click here to start the process of meeting the PCI requirements!

PCI DSS requires that the personal account number, (PAN), be masked whenever possible. Occasionally, there may be a valid business need to view the PAN. In these circumstances, security software needs to be installed so the PAN is not continually displayed on the screen.

A merchant is someone who accepts credit cards as a form of payment. A merchant stores, processes, or dispatches cardholder data.

Unfortunately, no. Each administrator must have his or her own unique user ID and corresponding password. This PCI requirement helps businesses track any possible misuse back to the individual promptly.

Compliance with PCI DSS is enforced by the individual payment brands, (Visa, American Express, Discover, JCB, and MasterCard), and each have their own compliance programs for enforcement.

Merchants will be fined up to $500,000 per incident if they are not PCI compliant at the time of the security breach. Start the process of becoming a PCI compliant merchant by clicking here.

If the Primary Account Number (PAN) is not stored processed, or transmitted, then the requirements of PCI DSS are not applicable. If the merchant shares cardholder information with a third-party processor, the merchant is responsible for making certain that the third-party processor follows PCI-DSS standards.

We recommend seeking guidance from a professional with questions pertaining to the Self-Assessment Questionnaire. Click here to start the process.

Your validation will expire in one year.

Technically, you are compliant after completing the PCI Self Assessment Questionnaire; however, ongoing assessments and monitoring is required to maintain a secure system. Any changes in your system can render you non-compliant instantaneously.

Stop paying hundreds of dollars for credit card processing
mandates and PCI Regulatory Compliance Fees!

PCI Requirements
FAQs

PCI RequirementsFAQs

How do I know if my business qualifies to do a self-assessment?

What exactly is the Payment Card Industry Data Security Standard?

What happens if I do not become compliant?

The full credit card number is visible in my browser window, is this allowed?

Who is considered a merchant?

There are only X number of administrators who access credit card information at my business, can all administrators share one password?

Who enforces the compliance of PCI DSS?

What fines will I incur if I do not comply with the new standards?

If I use a payment gateway and do not process transactions, do I still have to follow the guidelines of PCI DSS?

Where can I find assistance for completing the Self-Assessment Questionnaire?

If my organization has recently validated compliance against the PCI DSS Questionnaire, when will my validation expire?

Am I compliant after I complete the Self-Assessment Questionnaire?

PCI Requirements
FAQs