Frequently Asked Questions

I'm a small merchant who has limited payment card transaction volume. Do I need to be compliant with PCI DSS (Payment Card Industry Data Security Standard)? If so, what is the deadline?
All merchants, whether small or large, are required to be PCI compliant. The payment brands (Visa, Master Card, AMEX, Discover Card) have collectively adopted PCI DSS as the requirement for organizations that process, store or transmit payment cardholder data. The PCI SSC is responsible for managing the security standards, while each individual payment brand is responsible for managing and enforcing compliance with these standards. SecurityMetrics is an Approved Scanning Vendor and Qualified Security Assessor that can assist your business, regardless of size, in becoming PCI compliant. For questions regarding compliance validation requirements and deadlines, as well as compliance reporting requirements, we recommend that you contact your acquiring bank.

What are the consequences to my business if I do not comply with the PCI DSS?
SecurityMetrics encourages all businesses that process credit cards to comply with the PCI DSS to help lower the financial risk associated with cardholder data compromises. SecurityMetrics assists businesses in becoming PCI DSS compliant through its expertise as both an ASV and a QSA. SecurityMetrics does not impose any consequences for non-compliance. However, individual payment brands and/or acquiring banks may have their own compliance initiatives, including financial or operational consequences for businesses that are not compliant. For further details about PCI DSS compliance fines and deadlines, please phone the number found on your merchant statement.

What are the fines and penalties assessed to companies for non-compliance with the PCI DSS?
Any fines and/or penalties associated with non-compliance with the PCI DSS are usually levied by your acquiring bank. For additional details regarding PCI DSS compliance fines and deadlines, please phone the number found on your merchant statement.

Why am I being directed to SecurityMetrics for PCI DSS compliance?
As experts in PCI DSS compliance, SecurityMetrics offers simple solutions for your business.

If any part of your credit card processing goes over an Internet connection, or if you store credit card data in electronic format, the PCI DSS requires that your IP (Internet Protocol) addresses be scanned at least quarterly by an Approved Scanning Vendor (ASV) such as SecurityMetrics. To get started click here.

If your business only processes credit card information through a dial-out terminal or cellular terminal, and no credit card information is handled over Internet-connected systems, the PCI DSS still requires completion of the PCI Self-Assessment Questionnaire (SAQ). SecurityMetrics simplifies the process with our Online Site Certification, which enables your business to complete the Self-Assessment Questionnaire online. The service includes automatic reporting to your merchant processor, online videos, glossaries, validation of PCI DSS compliance, a Security Policy Template (PCI DSS Requirement 12) and 24/7 live technical support to help your business with challenges encountered while becoming PCI DSS compliant. To get started click here.

How do I add the Site Certified logo to my Website?
For instructions, please click here.