PCI FAQs


What is the Fix-It Plan?

The Fix-It Plan is part of the PCI process. When a merchant fails their PCI Questionnaire, they are given a “Fix-It Plan”. Once the merchant completes the steps in the Fix-It Plan, they become PCI compliant.

January 2nd, 2020

If a merchant does not have Internet access what options do they have to complete SAQ forms?

This is a 2-part answer: Part 1: A merchant does not need Internet access in the retail environment to complete the SAQ or to be PCI compliant. They only need Internet access during the process of completing their SAQ, and an email address to receive certificates and/or remediation response from Panoptic Security. The merchant's ISO

January 2nd, 2020

Are Merchants required to use the tools provided through this web-site to fix any Compliance problems?

No: The tools provided through this web-site are offered as a low-cost convenient way to fix problems, but Merchants are free to use any remediation tools they want to fix their Compliance problems. Merchants who use other tools are then solely responsible for making sure that those tools are appropriately selected and properly implemented, and

January 2nd, 2020

Is PCI a government program? Is it a law?

No: PCI is not, in itself, a law: the standard was put together by business organizations including Visa, MasterCard, and the other major card companies. Merchants that do not comply with PCI DSS are not necessarily breaking any law, but they are probably violating their Terms of Service or contract with their acquiring bank and

January 2nd, 2020

How are the different Merchant Levels defined?

Merchant Level 1:
• Any Merchant that processes over 6,000,000 Visa or MasterCard transactions per year (regardless of whether the transactions are e-commerce or not), OR
• Any Merchant that is declared to be Level 1 by any Card Association
• Any Merchant that has suffered

January 2nd, 2020

What is meant by ‘Validation’?

Validation means a Merchant's ability to show, via standard documents and/or tests, that they are meeting the PCI DSS requirements. The different types of Merchant face different levels of Validation burden, depending on which of four levels they are assigned to. Merchants that were directed to this web-site are, at the very least, required to

January 2nd, 2020

What is meant by ‘Compliance’?

Being in Compliance means 'meeting all of the requirements laid out in the Payment Card Industry Data Security Standard'. The requirements for Compliance are the same for ALL Merchants, large or small. (However, smaller Merchants typically avoid many of the Compliance problems that larger organizations face, because their systems and networks are usually simpler.)

January 2nd, 2020

What is the ‘Self-Assessment Questionnaire’?

The Self-Assessment Questionnaire is a form that Merchants may be required to complete every year and submit to their Acquiring Bank. It was created by the PCI Council. Completing a Self-Assessment Questionnaire helps Merchants do two things:
• Check their Compliance, by finding out for themselves if they are in compliance with

January 2nd, 2020