The First Rule Is Knowing The Rules

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements for credit card processors. A merchant or service provider must validate their PCI compliance through the annual Self-Assessment Questionnaire every year, and in most cases they must also submit a quarterly Network Security Scan by an approved scanning vendor to test their online security. The rules and regulations are thorough, but they can also be confusing - that’s why we offer guidance and support in keeping you up to code.

Frequently Asked Questions

Who must submit the Self-Assessment Questionnaire?
All merchants and service providers who accept credit cards must validate their PCI-compliance every year by filling out the Self-Assessment Questionnaire. This is the standard requirement for every card-accepting merchant/service provider, and is not optional.

Who must submit a Network Security Scan?
Any card-accepting merchant/service provider that uses an external-facing IP address for payment data must submit a quarterly Network Security Scan in addition to the questionnaire. Even if a merchant/service provider does not use web-based transactions, basic functions like email and employee Internet access may compromise the company’s network. These scans must be conducted by an approved scanning vendor, and depending on the validation category, may be required every 90 days.

What is an approved scanning vendor?
All PCI-compliance scans must be administered by a third-party company on the list of approved scanning vendors. These vendors have been instructed in the official set of procedures that verify that the customer environment is safe and cannot be penetrated.

How much of the criteria must one be compliant with?
All of it. The pass mark for PCI-compliance is 100%, so even failing one criteria will disqualify approval. Don’t think of PCI-compliance as an extra advantage, think of it as the bare minimum for business practices.

How much customer data may a merchant/service provider store?
A merchant/service provider may not store any transaction data in accordance to PCI. While some companies believe otherwise, the fact is that it is not only a failure of PCI-compliance, it is also a violation of State and Federal privacy laws. PCI regulations forbid the storing of a customer’s:

  • unencrypted credit card number
  • CVV or CVV2
  • PIN blocks
  • PIN numbers
  • Track 1 or 2 data

Apply Now !!!

Submit a quick online application and a representative will contact you within 24 hours!


We are proud to offer a selection of POS Hardware, POS Software, and other POS Supplies.

View more