FAQ PCI Compliance

PCI Compliance is NOT optional when processing, storing or transmitting your customer credit card payments. *Here is an FAQ to help clear the air:

Whom does PCI apply to?

PCI applies to ANY organization or merchant, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data.

If I only accept credit cards over the phone, does PCI still apply to me?

Yes. All businesses that store, process or transmit payment cardholder data must be PCI Compliant.

Do organizations using third-party processors have to be PCI compliant?

Yes. Merely using a third-party company does not exclude a company from PCI compliance. It may cut down on their risk exposure and consequently reduce the effort to validate compliance.

What are the PCI compliance ‘levels’ and how are they determined?

All merchants fall into one of the four merchant levels based on Visa transaction volume over a 12-month period. Transaction volume is based on the aggregate number of Visa transactions. Level One is the highest PCI Compliance level and covers merchants processing over 6M Visa transactions per year.

What are the penalties for non-compliance?

Fines can range from $5,000 to $100,000 per month for PCI compliance violations.

What is defined as ‘cardholder data’?

The PCI SSC defines ‘cardholder data’ as the full Primary Account Number (PAN) or the full PAN along with any of the following:

  • Cardholder name
  • Expiration date
  • Service code

What is the definition of ‘merchant’?

Merchant is defined as any entity that accepts payment cards containing the logos of any of the five members of PCI SSC (American Express, Discover, JCB, MasterCard or Visa) as payment for goods and/or services.

What is a payment gateway?

Payment Gateways connect a merchant to the bank or processor that is acting as the front-end connection to the Card Brands.

How often do I have to have a vulnerability scan?

Every 90 days.

If I’m running a business from my home, am I a serious target for hackers?

Yes, home users are the most vulnerable.

Is my business at risk?

Essentially any business that has a Merchant ID (MID) is at risk.

Are over-the-phone payment solutions too complicated to use?

Not at all. Your customers call a toll-free number, enter their account information, and make a payment. Some over-the-phone payment systems can even store the customer’s information based on the phone number they are calling from, which means future transactions take less time. Some services also allow customers to take a picture of their bill and pay. The payment is then verified, accepted, and immediately applied to your customer’s account. IVR Tech provides customized reporting that allows you to see exactly when your customer paid, the form of payment used, and the results of the transaction.

To set up a free, no-risk consultation to strategize how to administer our solution, call us now at 800-438-1709.

*FAQ is based on questions and answers provided by the PCI Compliance Guide.
