Industry Insights


Category: IT Consulting


What does PCI DSS compliance mean?
PCI DSS stands for Payment Card Industry Data Security Standard. It sets the security requirements that merchants, service providers, and any other organization that accepts, stores, processes, or transmits cardholder data during credit card transactions must meet in order to prevent fraud and data breaches. In practice the standard is applied to the cardholder data environment (the systems, networks, and people that touch card data), so the less of your environment that touches card data, the smaller the scope you must secure and validate.

Who needs PCI DSS compliance certification?
Although there is technically no such thing as "PCI certification" (the PCI Security Standards Council does not certify merchants), sellers of all sizes, service providers, banks, and any other organization that handles card payments must validate their PCI DSS compliance, either by completing a Self-Assessment Questionnaire or, for the highest-volume organizations, through an on-site assessment by a Qualified Security Assessor (QSA) that produces a Report on Compliance.

What are the PCI DSS compliance levels?
There are four merchant levels of PCI compliance, and each level has its own validation requirements. The level your business falls under is determined by your total annual card transaction volume, with the thresholds set by the card brands. Level 1 (for example, more than 6 million Visa or Mastercard transactions per year) requires an annual on-site assessment by a Qualified Security Assessor; the lower levels generally validate with a Self-Assessment Questionnaire and, where applicable, quarterly network vulnerability scans by an Approved Scanning Vendor.

What does it cost to be PCI DSS compliant?
The cost of becoming PCI compliant, and of maintaining that standing each year, ranges from roughly $1,000 per year to more than $50,000 per year, depending on the size of your business, the level you fall under, and how much of your own environment handles card data. Outsourcing card handling to a validated payment provider keeps more of your systems out of scope and is the single biggest lever on that cost.

Am I responsible for a PCI DSS Compliance Self-Assessment Questionnaire (SAQ)?
The PCI DSS Self-Assessment Questionnaire is a set of yes/no checklists, created and distributed by the PCI Security Standards Council, that merchants use to self-validate their PCI DSS compliance. There are several SAQ types (SAQ A through SAQ D), and which one applies depends on how you accept cards: the shortest apply to merchants who fully outsource card handling to a validated third party, and the longest (SAQ D) applies to merchants who store, process, or transmit cardholder data on their own systems, which is why the questionnaires range from roughly 19 to 87 pages. Square does not require sellers to complete an SAQ, or to self-validate, since Square's hardware and software comply with the Payment Card Industry Data Security Standard (PCI DSS). Note that using a validated provider shrinks the part of your environment that is in scope but does not move the obligation entirely: your acquiring bank decides what validation, if any, it requires from you.

Is there a PCI noncompliance fee?
Yes, there are typically fees associated with PCI noncompliance. They are levied by the card brands on your acquiring bank, which passes them on to you, usually as a recurring monthly charge until you are compliant. Beyond the fees themselves, a business that does not comply with PCI standards is exposed to data breaches, fines, card replacement costs, costly forensic audits and investigations, brand damage, and the possibility of losing the ability to accept cards at all.

Content credit to Square.