FAQ
I’m a seasonal merchant. Does my merchant account still need to be PCI Compliant?
Yes, all merchants, whether small or large, need to be PCI compliant. The payment brands have collectively adopted PCI DSS as the requirement for organizations that process, store or transmit payment cardholder data. Inherent in having a merchant account is the ability to handle cardholder data.
I only process a few hundred dollars a month. Does my merchant account still need to be PCI Compliant?
Yes, all merchants, whether small or large, need to be PCI compliant. The payment brands have collectively adopted PCI DSS as the requirement for organizations that process, store or transmit payment cardholder data. Inherent in having a merchant account is the ability to handle cardholder data.
I have never heard of PCI Compliance before. Is this new?
No. Merchants have been advised to take the PCI self-assessment and be compliant for the past 3 years. The framework of the PCI data security standards has existed in different forms for some time now and continues to evolve. You may be more familiar with the payment brands' programs that promote the implementation of the PCI DSS.
- MasterCard®: Site Data Protection (SDP) program
- Mastercard.com/sdp
- Visa®: Cardholder Information Security Program (CISP)
- Visa.com/cisp
- Discover® Network: Discover Information Security & Compliance (DISC)
- Discovernetwork.com/fraudsecurity/disc.html
- American Express®: Data Security Operating Policy
- AmericanExpress.com/datasecurity
What is PCI DSS?
The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of requirements for enhancing payment account data security. The standard was developed by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, Inc. to facilitate industry-wide adoption of consistent data security measures on a global basis.
