Merchant Services
What You Should Know About PCI Compliance

What You Should Know About PCI Compliance

You may have seen the acronym PCI DSS or heard the term "PCI compliance," but you aren't sure exactly what they mean. Here is a primer to help you better understand their meaning and the importance of PCI compliance for merchants.

PCI DSS stands for the Payment Card Industry Data Security Standard, which is administered and managed by the PCI Security Standards Council. The PCI DSS establishes basic security procedures for credit and debit card processing. All merchants that process, store or transmit credit and debit card information must demonstrate that they do so within a secure environment that meets the PCI DSS security requirements.

Completing the SAQ
To demonstrate that they are in PCI compliance, merchants must complete what is known as a Self-Assessment Questionnaire (or SAQ). This is a tool to help merchants self-evaluate their compliance with the PCI DSS. Several different versions of the SAQ are available, depending on the type of merchant business and other factors. For more details, visit

SAQs are comprised of a series of questions appropriate to merchants about their security practices that correspond to the PCI DSS security requirements. An Attestation of Compliance will accompany the SAQ - merchants must complete and return it to certify that they have performed the appropriate SAQ and are PCI compliant.

In addition, merchants that use POS software with Internet access to process credit and debit cards must also perform an External Vulnerability Scan (or Network Scan). This scan must be performed by an Approved Scanning Vendor (ASV). You can access a list of approved ASVs at

Included on this list is Trustwave, with whom PNC Merchant Services has partnered to provide validation services at a preferred price.

All Merchants Must Comply
Note that all merchants that accept credit and debit cards must demonstrate PCI compliance by following these steps, regardless of their card processing volume. PCI DSS certification is valid for one year for merchants that only must complete an SAQ and for three months for merchants that must perform a Network Scan, at which time they must perform another scan.

PNC Merchant Services is required to report on the PCI compliance status of all our merchant customers. Merchants that do not validate PCI compliance may be subject to substantial fines if their customers' payment data is compromised, as well as have to pay any expenses and the cost of fraudulent transactions that may occur due to the security breach.

Questions? Learn more basic tips on getting started with data security. Or, contact PNC Merchant Services Customer Service at 1-800-742-5030.


PNC is a registered mark of The PNC Financial Services Group, Inc.("PNC")

PNC Merchant Services provided by PNC Merchant Services Company and are subject to credit approval. PNC Merchant Services is a registered trademark of The PNC Financial Services Group, Inc.

This Merchant Business Insights e-Newsletter is designed to provide useful and practical information for merchants accepting card transactions. It is not intended to be legal, tax, accounting or financial advice, nor should it be substituted for a full and regular review of the Association Rules and any changes thereto. Internet sites provided in this e-Newsletter are provided as a convenience to our readers. While PNC Merchant Services endeavors to provide resources that are reputable and safe, we are not responsible for the information, products, or services obtained on such sites.