Does PCI DSS apply to me?
The PCI DSS standard applies to all entities that store, process or transmit cardholder data. It is not widely understood that the standard applies equally to manual processing and storage of cardholder information and to electronic methods of storage. You may be storing cardholder information (e.g. card receipts from terminals, or emails you have received that contain cardholder details) in a way the standard does not allow.
Additionally, PCI DSS compliance applies to a merchant's overall environment, including any third parties used by the merchant that store, process or transmit cardholder data. These third parties may include the following:
- Till vendors
- EPOS vendors
- Software Application Providers
- Payment service providers
- Payment Processing Bureaux
- Data Storage Providers
- Web Hosting Providers
- Shopping Cart Providers
- Software Vendors
A merchant can only reach compliance if its 'in scope' third parties are also compliant; this can be validated either by obtaining the compliance certificate from the third party or by including the validation in the merchant's self-assessment.
Visa Europe and MasterCard maintain independent lists of third parties, and you should use these when undertaking your own due diligence on which partners to engage.