Ask the Expert

PCI DSS compliance: All or nothing?

I have a quick question about PCI. Say a company has two e-commerce brands: A and B. The IT infrastructures for A and B are separated. When this company is focusing on getting A compliant, is it necessary to get B compliant as well?


First let me note that both brands need to be in compliance with the Payment Card Industry's Data Security Standard (PCI DSS). There may be different levels of validation that need to be done between Brand A and Brand B. However, this issue is really for the merchant's acquirer (typically the credit card processor) to determine. For example, if Brand A uses Acquirer 1 and Brand B uses Acquirer 2, then each acquirer will make a determination regarding the validation requirements for each brand. In the end, the acquirer will make this decision.

This was first published in July 2007
