The Fix-It Plan is part of the PCI process. When a merchant fails their PCI Questionnaire, they are given a “Fix-It Plan”. Once the steps in the Fix-It Plan are completed, the merchant becomes PCI compliant.
This is a 2-part answer: Part 1: A merchant does not need Internet access in the retail environment to complete the SAQ or to be PCI compliant. They only need Internet access during the process of completing their SAQ, and an email address to receive certificates and/or remediation response from Panoptic Security. The merchant's ISO
Are Merchants required to use the tools provided through this web-site to fix any Compliance problems?
No: The tools provided through this web-site are offered as a low-cost convenient way to fix problems, but Merchants are free to use any remediation tools they want to fix their Compliance problems. Merchants who use other tools are then solely responsible for making sure that those tools are appropriately selected and properly implemented, and
No: PCI is not, in itself, a law. The standard was put together by business organizations including Visa, MasterCard, and the other major card companies. Merchants that do not comply with PCI DSS are not necessarily breaking any law, but they are probably violating their Terms of Service or contract with their acquiring bank and
Remediation means the process of fixing any Compliance failures. A Merchant who constructs an appropriate remediation program and completes it will be (by definition) in compliance with the PCI DSS.
Merchant Level 1:
• Any Merchant that processes over 6,000,000 Visa or MasterCard transactions per year (regardless of whether the transactions are e-commerce or not), OR
• Any Merchant that is declared to be Level 1 by any Card Association
• Any Merchant that has suffered
Validation means a Merchant's ability to show, via standard documents and/or tests, that they are meeting the PCI DSS requirements. The different types of Merchant face different levels of Validation burden, depending on which of four levels they are assigned to. Merchants that were directed to this web-site are, at the very least, required to
Being in Compliance means 'meeting all of the requirements laid out in the Payment Card Industry Data Security Standard'. The requirements for Compliance are the same for ALL Merchants, large or small. (However, smaller Merchants typically avoid many of the Compliance problems that larger organizations face, because their systems and networks are usually simpler.)
'SAQ' stands for the PCI 'Self-Assessment Questionnaire'. See the above question and answer for more detail.
The Self-Assessment Questionnaire is a form that Merchants may be required to complete every year and submit to their Acquiring Bank. It was created by the PCI Council. Completing a Self-Assessment Questionnaire helps Merchants do two things:
• Check their Compliance, by finding out for themselves if they are in compliance with