What is PCI Compliance?
Payment Card Industry (PCI) Data Security Standards (PCI DSS) are technical and operational requirements set by the PCI Security Standards Council to make sure all cardholder information is stored, processed, and transmitted securely. To ensure continuity across all card brands, the PCI Security Standards Council was formed by its founding members: American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. The Council manages the data security standards, and compliance is enforced by the individual members. Every business that accepts card payments and stores, processes or transmits payment card data is absolutely required to meet the PCI DSS.
Where to Begin
The first requirement for any business is to fill out a Self-Assessment Questionnaire (SAQ). An SAQ is the best way to evaluate and ensure that your business is compliant. Therefore, Axia has taken great strides to create a user-friendly web portal for you to complete your SAQ. Click on the link which says SAQ LOGIN and follow the prompts to determine which questionnaire is right for your business.
We are here to help
If you need guidance, we are here to assist you at 877.875.6114 x 3 or PCI@axiapayments.com. We will also continue to update you with further details relating to PCI and your ongoing obligations, as well as information that may be beneficial to you relating to cardholder security and PCI DSS.
Links to Learning More About PCI
- PCI Overview – Find out about PCI and the requirements for your business to become compliant.
- Decision Tree Diagram – This diagram shows how your business fits into the SAQ model so that you can complete the necessary compliance steps.
- SAQ C and D Merchants: Control Scan Portal
- PCI Standards Website
- PCI Standards FAQ
- Understanding the Intent of the Requirements
- Ten Common Myths of PCI DSS
The chart below provides SAQs based on how your business processes credit and debit cards. Just determine which validation type you fit into, and click the letter to access the SAQ published by the Payment Card Industry Data Security Standard (PCI DSS) Council. See this guide for additional help in determining which category best describes your business.
- A: Card-not-present (e-commerce or mail/telephone-order) merchants. All cardholder data functions are outsourced. This does not apply to face-to-face merchants.
- B: Imprint-only merchants with no electronic cardholder data storage, or standalone, dial-out terminal merchants with no electronic cardholder data storage.
- C-VT: Virtual Terminal merchants who manually key in transactions using a keyboard with no electronic cardholder data storage.
- C: Merchants with POS systems and Internet connected terminals with no electronic cardholder data storage.
- D: All other merchants (not included in Types 1-4 above) and all service providers defined by a payment brand as eligible to complete an SAQ.