I have a quick question about PCI. Say a company has two e-commerce brands: A and B. The IT infrastructures for A and B are separated. When this company is focusing on getting A compliant, is it necessary to get B compliant as well?
First let me note that both brands need to be in compliance with the Payment Card Industry's Data Security Standard (PCI DSS). There may be different levels of validation that need to be done between Brand A and Brand B. However, this issue is really for the merchant's acquirer (typically the credit card processor) to determine. For example, if Brand A uses Acquirer 1 and Brand B uses Acquirer 2, then each acquirer will make a determination regarding the validation requirements for each brand. In the end, the acquirer will make this decision.