PCI DSS compliance: All or nothing?

Learn whether a company with two distinct e-commerce brands must get them both compliant with the Payment Card Industry's Data Security Standard (PCI DSS).

I have a quick question about PCI. Say a company has two e-commerce brands: A and B. The IT infrastructures for A and B are separated. When this company is focusing on getting A compliant, is it necessary to get B compliant as well?
First let me note that both brands need to be in compliance with the Payment Card Industry's Data Security Standard (PCI DSS). There may be different levels of validation that need to be done between Brand A and Brand B. However, this issue is really for the merchant's acquirer (typically the credit card processor) to determine. For example, if Brand A uses Acquirer 1 and Brand B uses Acquirer 2, then each acquirer will make a determination regarding the validation requirements for each brand. In the end, the acquirer will make this decision.
This was last published in July 2007