PCI Compliance FAQ

Common Questions on PCI Compliance & Standards

What is PCI?

Who has to comply?

What are the certification levels and what do they mean?

I’m a small merchant who only takes a handful of cards, so I don’t need PCI?

Doesn’t PCI only apply to e-commerce companies?

I only need to protect my credit card data, not ATM debit card related data, right?

Don’t I only have to be compliant with the majority of criteria?

I can wait until my business grows.

I can just answer “yes” to all the criteria on the Self-Assessment Questionnaire.

I can wait until my bank asks me to be compliant.

As a merchant, I’m entitled to store any data.

As a merchant, I did not sign anything saying I would be compliant; therefore, I do not need to be.