What is PCI DSS?

The Payment Card Industry Data Security Standards are requirements designed to minimize theft and misuse of sensitive credit card data at every level of credit card processing.

Who has to Comply?

Member Banks - Acquiring Bank and Card Issuing Banks. Merchants - Any merchant who accepts any of the major card brands, including Visa, Mastercard, American Express and Discover. Service Providers - Internet Gateways, Shopping Cart Vendors and Hosting Companies

What does PCI Compliance mean to my business?

The card associations require that cardholder information be handled and maintained in a secure fashion. ALL merchants are required to meet the PCI compliance guidelines

What is the difference between compliance and validation?

Compliance is the process of implementing the security controls and policies required by the standard. Validation is the process of proving that you are compliant. PCI compliance requires both functions to be performed.

How often do I have to validate my compliance?

You are required to validate compliance every 12 months.

What if I change my merchant service provider in the next 12 months?

You will receive a Certificate of Compliance once you have completed the required SAQ and scan, if required, that you will be able to provide to your new merchant service provider to validate your compliance.

What is the difference between a Static IP and a Dynamic IP address?

A static IP address is the number assigned to a computer by an Internet service provider to be its permanent address on the Internet. If you have a static IP your IP address remains the same every time you log in. Once you have provided MAXpci with your IP address your scans will be performed without any action required on your part. A dynamic IP address is your IP address for only as long as you are logged in for a session on the Internet. Once you disconnect from the Internet, that dynamic IP address goes back into the IP address pool so it can be assigned to another user. Consequently you will rarely, if ever, have the same IP address twice.

MAXpci is not listed as a PCI Approved QSA on the PCI Council website. Is MAXpci required to be a QSA?

MAXpci offers PCI compliance solutions via an on-line, automated self-assessment program developed to guide merchants through the PCI DSS compliance assessment and validation process. MAXpci offers merchants support through email, by chat, or by contacting our US-based support team. Level 3 and 4 PCI merchants are not required to validate self-assessment compliance through a QSA; therefore, MAXpci is not required to be a QSA. We partner with Viking Cloud, an Approved Scanning Vendor, (ASV), to run external vulnerability scans and provide technical support to merchants requiring a scan.