What Every Business Needs to Know About PCI Compliance (10 FAQs Answered)

It seems that every day we hear more about data security breaches, foreign cyber-attacks, and consumer warnings about how to protect yourself from fraud.

Now more than ever, it’s important to stay ahead of the curve and ensure you have the basics down when it comes to protecting your business’ sensitive payment data.

Below are the most frequently-asked PCI-related questions we receive from channel partners and merchants, along with answers. If you have a question that isn’t listed, please comment below or send an email to support@csipay.com.

What is PCI-DSS?

The Payment Card Industry Data Security Standard (PCI-DSS), commonly referred to as just PCI, is a set of security requirements, maintained by the PCI Security Standards Council, that every organization that accepts, processes, stores or transmits payment card data must meet in order to keep that data secure.

What Businesses are Required to Be PCI-Compliant?

ALL BUSINESSES that store, process or transmit cardholder data, or that can affect the security of that data, are expected to adhere to the PCI compliance standards. This includes:

  • Businesses of all sizes
  • Point of sale providers
  • Gateway providers
  • Financial institutions
  • Payment processors and acquirers
  • Hardware and software developers

My Software Provider is PCI-Certified. Do I Need to Maintain PCI Compliance Myself?

Yes. Working with a software provider or a merchant services provider that is PCI-certified, like Constellation Payments, does not exempt a business from having to show its own compliance. Using a validated provider can reduce your scope (fewer controls to assess when the provider handles the card data for you), but it never transfers the obligation.

Businesses handle credit card information at their front desks and kiosks every day. All businesses are part of the payment transaction flow and are therefore required to comply and to show compliance through the validation process described below.

All the entities listed above must demonstrate and validate compliance.

How Do I Become PCI-Certified?

1) Review the 12 PCI-DSS requirements on the Constellation Payments website. This list can be used as a checklist for assessing your IT assets and business processes.

2) Complete the self-assessment questionnaire (SAQ) and confirm all answers. Which SAQ applies depends on how you accept cards: a merchant whose card entry is fully outsourced to a validated third party answers a much shorter questionnaire than one that stores card data on its own systems.

Businesses with Constellation Payments will be provided with step-by-step instructions on how to register with a Qualified Security Assessor (QSA), such as Sysnet.

3) Download your validation certificate (the Attestation of Compliance, or AOC).

4) Send the certificate to your merchant processor to have on file.

How Often Do I Need to Complete the PCI Questionnaire?

You are required to complete the PCI questionnaire every year to stay compliant. If your environment also requires external vulnerability scans (see below), those are due every quarter, not once a year.

Who Can Help Me with my PCI Compliance Validation?

At Constellation Payments, we’ll guide you through the entire process to make sure your PCI compliance certification experience is smooth and easy.

We have partnered with well-known Qualified Security Assessors to provide all businesses with a PCI toolkit to help with the annual PCI compliance validation process.

Are There Additional Services Available to Assist with PCI Compliance?

Yes. We have an enhanced PCI solution, called PCI Plus, available to all businesses.

PCI Plus offers a white-glove approach to PCI compliance. Through the solution, you receive:

  • An interactive customer PCI validation experience
  • File Integrity Monitoring (FIM)
  • Anti-Virus Protection (AV)
  • Unauthorized Device Monitoring

These are just a few of the benefits. To learn more, email support@csipay.com or call 888.244.2160.

What’s a Security Vulnerability Scan?

A vulnerability scan identifies security issues in the systems that handle card data, such as misconfigured networks or outdated, unpatched versions of software. The external scan PCI requires only probes what is reachable from the internet; finding credit card data stored where it should not be is a separate data-discovery check run inside your own environment, against logs, databases and file shares.

Who Needs to Complete a Security Vulnerability Scan and How Often Does the Scan Need to be Completed?

Businesses that have internet-facing IP (Internet Protocol) addresses in, or connected to, the environment where cardholder data is handled are required to have a vulnerability scan run at least quarterly by an Approved Scanning Vendor (ASV). If vulnerabilities are found, the business is required to remediate them and rescan until a passing scan is obtained; a failing scan does not count toward validation.

What is Breach Security Coverage?

Maintaining PCI compliant status will help to reduce the risk of a data security breach, but it doesn’t guarantee a breach event won’t occur.

The penalties for a data security breach can have a devastating financial impact on a business.

Our PCI program solution at Constellation Payments includes data breach coverage, which provides some financial relief to businesses that experience a data security breach.

In the event of a breach, you should contact the Constellation Payments’ Support team who will then work with Elavon to log the event and work with risk/loss prevention to start the investigative process.


Jennifer Sumii is Manager of Partner Relations for Constellation Payments. Within her role, she oversees critical company partnerships, including partners with custom integrations, large core processing accounts, and processor or origination companies. Her background includes extensive processing and banking experience, specifically FI/ISO/ICA relationship management, corporate and commercial banking relationship management, national account management, and new ISO/MSP implementation and training. You can reach Jennifer at jsumii@csipay.com.


Subscribe to our Blog, How Payments Are Done!

Get continual educational guidance and strategies on important payment topics including: data protection, tokenization, EMV, and more.

Visit HowPaymentsAreDone.com, enter your email address into the ‘Subscribe to Our Blog’ box and we’ll send our best advice to your inbox.
