The PCI DSS Applies to All Merchants or Service Providers That Process Credit Card Information.
DO YOU HAVE A BIG IDEA WE CAN HELP WITH?
All individuals and businesses are asking the same question – who needs to be PCI compliant? So, to avoid any inconveniences, we’ve decided to clear this up.
The answer is EVERYONE! Whether your company employs 10 or 1000 individuals or whether your business processes 500 or 500.000 credit or debit card transactions per year, all vendors who accept credit card as a method of payment are required to have PCI certificate and be PCI compliant.
For vendors, the Payment Card Industry Security Standard Council has designed validation tools in the form of SAQs or Self-Assessment Questionnaires. There are 4 SAQs available or A, B, C, and D and they are designed with one thing in mind – to meet the needs of various business types and various business processing methods. For example, they are designed to meet the needs of a restaurant and an e-commerce business as well. A lot of vendors are wondering how they should choose a specific SAQ.
Here is one example, if a vendor allows credit card payments via the website and then keeps the credit card data for future purchases, this vendor will be required to use the fourth SAQ – which is also known as SAQ for a long term. This is because the vendor, in this case, will handle, process, and store the credit card data and the SAQ D involves 250 controls and demands the greatest amount of energy, time, and money.
If the vendor allows credit card payments via the websites and doesn’t keep the credit card information, this vendor is qualified for the first SAQ or SAQ A – the shortest of all four SAQs. It involves around 20 controls and requires minimum energy, time, and money.
Like vendors, any organization that processes credit card information on behalf of the vendor is required to be PCI compliant. All vendors are required to ensure their provider has PCI certificate and is PCI compliant. You can check the list of global PCI service providers on the official VISA website.