The Payment Card Industry Data Security Standard (PCI DSS) is a set of basic security standards and procedures established by Visa^®, MasterCard^®, Discover^® and American Express^®, designed to help reduce the risk of theft and fraud of sensitive cardholder information. All businesses accepting credit and debit cards must validate their compliance with PCI DSS.

Yes. All businesses that accept credit and debit cards must be able to prove that they are in compliance with PCI DSS. This ranges from small, single-terminal restaurants and retailers to large national chains with advanced computer networks and hundreds of thousands of payment card customers.

If you only use dial-up terminals for card processing and do not store payment data electronically, you may not need to perform a network vulnerability scan. Completing the appropriate SAQ may be sufficient.

If you only have to complete an SAQ, your PCI DSS certification is valid for one year. If you also have to perform a network vulnerability scan, your certification is good for three months, at which time you must perform another scan.

Card processors (like PNC Merchant Services^®) are required to report the PCI DSS compliance status of their merchant customers to the Card Associations. Businesses that do not validate their compliance are subject to substantial fines if their customers' payment data is compromised – in addition to expenses associated with any fraudulent transactions that may occur. These businesses may also be stripped of their ability to accept credit and debit cards in the future.