Frequently Asked Questions Regarding PCI Vulnerability Standards
We are aware that PCI compliance is required for businesses that allow the use of credit cards on their website or at their place of business. But even after all this time, there are still many questions regarding the PCI Vulnerability Standards, also known as the PCI data security standards (PCI DSS). Below is a list of frequently asked questions that will hopefully give you some answers.
What exactly are the PCI Vulnerability Standards? PCI DSS is a list of 12 requirements made by the PCI council to make sure that every business that processes, stores or transmits credit card information maintains a secure environment. The PCI standards were put into place back in 2006.
Who has to follow PCI? As was previously mentioned, any organization or merchant, regardless of size, that accepts, transmits or stores cardholder data must comply. In other words, if your customers are paying with credit or debit cards, then PCI requirements apply.
Where can I find a list of the PCI Vulnerability Standards? Check out the website https://www.pcisecuritystandards.org.
Does PCI have to be followed for debit cards? Yes! Any debit, credit or pre-paid cards that have the logo of American Express, Discover, JCB, MasterCard, or Visa fall under the PCI rules.
How does PCI scanning relate to the PCI standards? To stay compliant with the PCI vulnerability standards, your business must conduct quarterly or daily scans of your system. The scans are performed by an ASV (approved scanning vendor), which scans any public IP address that connects to or can indirectly connect to cardholder data. This may include things such as a merchant's website, office internet connections, and possibly more.
Are there penalties for noncompliance? Fines ranging anywhere from $5,000-$100,000 per month can be levied for violating PCI compliance. Penalties can be disastrous, especially to small businesses, so do not take this lightly.
By now, all of you should be PCI compliant, but don’t hesitate to review and ask questions constantly to be sure you are following the PCI vulnerability standards correctly. There is a lot of information available and PCI compliance is very important.








