Use the information below to learn more about PCI compliance.
PCI compliance is conformity to security standards set by the Payment Card Industry (PCI) Security Standards Council to protect cardholder data. The PCI council is responsible for managing the security standards, while compliance with them is enforced by major payment card brands (such as Visa®).
PCI standards apply to all organizations that store, process, or transmit cardholder data. If you're a merchant that accepts payment cards, you're required to be compliant with the PCI Data Security Standard (DSS). You can find out your exact compliance requirements from your payment card brand or acquirer.
Merchants need to validate their processes and controls for PCI compliance based on requirements from their payment card brand or acquirer.
For example, Visa defines levels of compliance validation based on the volume of transactions, potential risk, and exposure introduced into the payment system by merchants and service providers.
For Level 2 - Level 4 merchants, validation generally occurs through the completion of a PCI DSS Self-Assessment Questionnaire (SAQ) and quarterly Approved Scanning Vendor (ASV) scans. Level 1 merchants must have a Qualified Security Assessor (QSA) who completes an annual report on compliance. A list of approved QSA companies is available on the PCI Security Standards Council website. For more information on Visa's PCI compliance validation process, see Visa's Merchant website.
Yes. Quick Shopping Cart® is fully PCI compliant. An annual audit is performed by a Qualified Security Assessor (QSA) to confirm that all PCI requirements are met for the Quick Shopping Cart environment. Assessment activities focus on our public-facing Web servers, back-end processing systems, cardholder storage database, administrative bastion hosts, supporting infrastructure, and firewalls.
If you use Quick Shopping Cart, you still need to complete a PCI DSS Self-Assessment Questionnaire and report PCI compliance based on your merchant level if your payment card brand requests it.
No. Customers using Quick Shopping Cart do not need to contract third-party Approved Scanning Vendor (ASV) scans against their Quick Shopping Cart website.
We complete the following activities to achieve compliance as a Level 1 PCI Service Provider:
No. Neither Shared, Dedicated, nor Virtual Private Server is PCI compliant.