PCI DSS Merchant Compliance Summary


The Payment Card Industry (PCI) Data Security Standard (DSS) is now required for all merchants, including:
  • Retail (brick-and-mortar)
  • Mail/telephone order
  • e-Commerce

All major credit card associations, including Visa, MasterCard, American Express, Discover, Diners Club and JCB, endorse and require the unified PCI Data Security Standard.


Why Comply?

Both Visa and MasterCard impose fines for non-compliance. For fine information, see the Visa or MasterCard compliance regulations.


PCI DSS Basic Requirement

Testing is required for all external IP addresses (Internet connection points such as your company website, mail server, firewall, dial-up modem, wireless AP, etc.). A good rule of thumb: if your business has email, you need to be tested. If you do not have an Internet connection, you should purchase the "Site Certification No Internet" product.


Safe Harbor

Visa defines safe harbor as the following:
"Safe harbor provides members protection from Visa fines and compliance exposure in the event its merchant or service provider experiences a data compromise. To attain safe harbor status:

1. A member, merchant, or service provider must maintain full compliance at all times, including at the time of breach as demonstrated during a forensic investigation.

2. A member must demonstrate that prior to the compromise their merchant had already met the compliance validation requirements, demonstrating full compliance."

As of June 2001, Visa requires all merchants to be CISP compliant in North America. In Europe all Visa merchants are required to be AIS compliant. Both Visa security programs are currently based on the PCI Data Security Standard. It is the acquirer's responsibility to ensure all of their merchants are PCI DSS compliant.


PCI Compliance Reference

Merchant Level    Compliance Required    Compliance Date
1                 Yes                    June 2001
2                 Yes                    June 2001
3                 Yes                    June 2001
4                 Yes                    June 2001






Free Compliance Consultation

Call 801.705.5665 if you would like to speak to one of our Compliance Specialists about your unique situation, special considerations or custom solutions.


Merchant Compliance Guarantee

SecurityMetrics Site Certification is guaranteed. We guarantee to provide the information required for compliance.

If you require compliance information, technical assistance, additional scanning results or any other information, we will provide it at no charge to ensure you can become compliant as soon as possible.