PCI Compliance Information
The PCI DSS version 1.1 is a set of comprehensive
requirements for enhancing payment account data
security. It was developed by the founding payment
brands of the PCI Security Standards Council
(American Express, Discover Financial Services, JCB
International, MasterCard Worldwide and Visa Inc.
International) to facilitate the broad adoption of
consistent data security measures on a global basis.
What are the deadlines for complying with PCI
DSS?
Compliance is mandated by the payment card brands,
not by the PCI Security Standards Council. For most
merchants, the deadlines for validating compliance
with the PCI DSS have already passed. Check with
your acquirer and/or merchant bank to find out
whether any specific deadlines apply to you, based
on your merchant level (transaction volume) as
determined by the card payment brands. All entities
that transmit, process or store payment card data
must be compliant with PCI DSS.
I’m a small merchant who has limited payment
card transaction volume. Do I need to be
compliant with PCI DSS? If so, what is the
deadline?
All merchants, whether small or large, need to be
PCI compliant. The payment brands have collectively
adopted PCI DSS as the requirement for organizations
that process, store or transmit payment cardholder
data. PCI SSC is responsible for managing the
security standards, while each individual payment
brand is responsible for managing and enforcing
compliance with those standards. For questions
about compliance validation requirements and
deadlines, as well as compliance reporting
requirements, we recommend that you contact your
acquirer. For more information on the PCI security
standards and supporting documentation, including
"Navigating the PCI DSS" and the targeted
Self-Assessment Questionnaires (SAQs) intended to
assist small and medium merchants, please visit the
PCI SSC website at: www.pcisecuritystandards.org.
Is the Self-Assessment Questionnaire all I
need to do to validate compliance with the
Payment Card Industry Data Security Standard (PCI
DSS)?
In accordance with the payment brands' compliance
programs, merchants and service providers who are
permitted by the payment brands to self-evaluate
their compliance with the PCI DSS may need to
complete the following steps:
1. Complete the Self-Assessment Questionnaire
according to the instructions in the
Self-Assessment Questionnaire Instructions and
Guidelines.
2. Complete a vulnerability scan with a PCI SSC
Approved Scanning Vendor (ASV) and obtain evidence
of a passing (clean) scan from the ASV.
3. Complete the relevant Attestation of Compliance
in its entirety (located in the SAQ).
4. Submit the SAQ, evidence of a passing scan and
the Attestation of Compliance, along with any other
requested documentation, to your acquirer.