Frequently Asked Questions about the Payment Card Industry (PCI)
Payment Card Industry Data Security Standard (PCI DSS) compliance is an ever-growing and expanding mandate aimed at merchants, service providers and any other entity directly involved in the processing, storage, or transmission of transaction data or cardholder data. Listed below are answers to some of the most pressing questions surrounding PCI DSS compliance and the payments industry as a whole. NDB Advisory is constantly updating the PCI FAQs, so please check back from time to time, as you'll find relevant, critical, "must-know" information regarding this fast-paced and growing industry.
TABLE OF CONTENTS
- What industry concerns have resulted in the push for widespread PCI measures and initiatives?
- I'm a small merchant with limited payment card transactions. Does my company still need to be PCI compliant?
- Our company has to be PCI DSS compliant. We're new to the PCI requirements, so what is the first step NDB Advisory would recommend?
- What exactly is PCI DSS, and what do Merchants and Service Providers need to be aware of?
- Who is the PCI SSC and what do they do?
- What is the organizational structure of the PCI SSC?
- Where can I find more information on the major payment brands as it relates to their own compliance programs?
- What are some common examples of a Merchant and a Service Provider?
- I keep hearing the term "acquirer". Can you please clarify what an acquirer is and its respective function in the payments industry?
- For PCI DSS Assessments, can compensating controls be employed to assist in PCI DSS compliance?
- PCI DSS Requirement 1.1.1 discusses a “formal process”. What does this really mean?
- For PCI DSS Requirement 1.1.2, how detailed and in-depth should our network diagram/topology documents and schematics be?
- For PCI DSS Requirement 1.1.3, what should be of main concern for meeting this overall requirement?
- For PCI DSS Requirement 1.1.4, do we need to develop documented Policies & Procedures?
- What tips can you provide on meeting PCI DSS Requirement 1.1.5?
- For PCI DSS Requirement 1.1.6, should we document our review of firewall and router configurations?
- For PCI DSS Requirement 1.2.1, please help us understand the core requirements for this area.