PCI DSS FAQ

(Source: PCI Compliance Guide.org)

Q: What is PCI?

Q: To whom does PCI apply?

Q: Where can I find the PCI Data Security Standards (PCI DSS)?

Q: What are the PCI compliance deadlines?

Q: What are the PCI compliance ‘levels’ and how are they determined?

Q: What does a small-to-medium sized business (Level 4 merchant) have to do in order to satisfy the PCI requirements?

Q: If I only accept credit cards over the phone, does PCI still apply to me?

Q: Do organizations using third-party processors have to be PCI compliant?

Q: My business has multiple locations; is each location required to validate PCI compliance?

Q: Are debit card transactions in scope for PCI?

Q: Am I PCI compliant if I have an SSL certificate?

Q: What are the penalties for noncompliance?

Q: What is defined as ‘cardholder data’?

Q: What is the definition of ‘merchant’?

Q: What constitutes a Service Provider?

Q: What constitutes a payment application?

Q: What is a payment gateway?

Q: How is an IP-based POS environment defined?

Q: What is PA-DSS (formerly PABP)?

Q: Can the full credit card number be printed on the consumer’s copy of the receipt?

Q: Do I need vulnerability scanning to validate compliance?

Q: What is a network security scan?

Q: How often do I have to scan?

Q: What if a merchant refuses to cooperate?

Q: If I’m running a business from my home, am I a serious target for hackers?

Q: What should I do if I’m compromised?