What is PCI?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.

The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards with a focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB.). It is important to note that the payment brands and acquirers are responsible for enforcing compliance, not the PCI council

If I only accept credit cards over the phone, does PCI DSS still apply to me?

Yes. All business that store, process or transmit payment cardholder data must be PCI Compliant.

Do organizations using third-party processors have to be PCI DSS compliant?

Yes. Merely using a third-party company does not exclude a company from PCI DSS compliance. It may cut down on their risk exposure and consequently reduce the effort to validate compliance. However, it does not mean they can ignore the PCI DSS.

My business has multiple locations, is each location required to validate PCI compliance?

If your business locations process under the same Tax ID, then typically you are only required to validate once annually for all locations. And, submit quarterly passing network scans by an PCI SSC Approved Scanning Vendor (ASV) for each location, if applicable.

My company doesn’t store credit card data, so PCI compliance doesn’t apply to us, right?

If you accept credit or debit cards as a form of payment, then PCI compliance applies to you. The storage of card data is risky, so if you don’t store card data, then becoming secure and compliant may be easier.

How can Crescent help you?

Crescent Computer Technologies will come out and perform a PCI DDS compliance visit to ensure there are no violations of PCI Standards.  It’s a necessary procedure to ensure you will not be in violation and avoid fines. We will provide you with a report and keep you out of trouble with our regular compliance service.