PCI - Frequently Asked Questions

You can hire any consultant or professional you want to help you with the preparations for PCI DSS.

There are many domestic and international companies that offer their services in gap analysis, PCI preparation, audit preparation, firewall compliancy, policy compliancy and more.

PCI DSS is the standard that credit card companies established for providing overall guidelines for organizations on creating a more secure environment with the goal of protecting customers’ data.

Merchant levels are the categories as defined by the payment brands to include all businesses dealing with credit cards. There are four merchant levels as defined below:

The following is required by merchants by the payment card brands:

Merchant Level 1:

• Annual on-site security audit conducted by a qualified security assessor (QSA).
  • Alternatively, an internal audit is acceptable if signed by an officer of the company.

There are five self assessment questionnaire categories, as illustrated in the table below.

First, you need to determine which merchant level you are. If you do not know this yet, go here.

The PCI DSS standard is published and maintained by the PCI Security Standards Council (SSC). Changes to the standard follow a 24-month lifecycle with five stages.