PCI DSS compliance: All or nothing?

Learn whether a company with two distinct e-commerce brands must get them both compliant with the Payment Card Industry's Data Security Standard (PCI DSS).

I have a quick question about PCI. Say a company has two e-commerce brands: A and B. The IT infrastructures for A and B are separated. When this company is focusing on getting A compliant, is it necessary to get B compliant as well?
First let me note that both brands need to be in compliance with the Payment Card Industry's Data Security Standard (PCI DSS). There may be different levels of validation that need to be done between Brand A and Brand B. However, this issue is really for the merchant's acquirer (typically the credit card processor) to determine. For example, if Brand A uses Acquirer 1 and Brand B uses Acquirer 2, then each acquirer will make a determination regarding the validation requirements for each brand. In the end, the acquirer will make this decision.
