PCI Compliance
What are some of the things a small-to-medium sized business must to do in order to satisfy the PCI requirements?
- A secure connection between the customer's browser and the web server
- Validation that the Website operators are a legitimate, legally accountable organization
Q: If I only accept credit cards over the phone, does PCI still apply to me?
A: Yes. All business that store, process or transmit payment cardholder data must be PCI Compliant.
Q: Do organizations using third-party processors have to be PCI compliant?*
A: Yes. Merely using a third-party company does not exclude a company from PCI compliance. It may cut down on their risk exposure and consequently reduce the effort to validate compliance. However, it does not mean they can ignore PCI.
Q: Am I PCI compliant if I have an SSL certificate?
A: No. SSL certificates do not secure a Web server from malicious attacks or intrusions. High assurance SSL certificates provide the first tier of customer security and reassurance, but there are other steps to achieve PCI Compliance.
