PCI Certificate


Who should be PCI Compliant

January 11, 2014 PCI Compliance

Organizations often ask whether they should be PCI compliant. Many conferences include a discussion of who should be PCI compliant.

PCI DSS applies to all organizations that store, process or transmit account data. According to the PCI Standard, account data consists of cardholder data plus Sensitive Authentication Data.

Cardholder data includes:

  • Primary Account Number (PAN)
  • Cardholder Name
  • Expiration Date
  • Service Code

Sensitive Authentication Data includes:

  • Full magnetic stripe data or equivalent on a chip
  • CAV2/CVC2/CVV2/CID
  • PINs/PIN blocks

If the PAN is stored, processed or transmitted, then the PCI DSS requirements are applicable to the organization. However, if the PAN is not stored, processed or transmitted, PCI DSS requirements do not apply.

This provides clarity on whether or not your organization falls under the PCI DSS requirement and whether you should be PCI compliant.
