PCI Compliance

Let's break down what’s required of you, what we handle behind the scenes, and how to keep your account secure without the headache.

This page explains what PCI compliance is, why it matters, and how Redde helps keep your business and your customers’ payment data secure. We break it down simply so you know what’s required and what you don’t have to worry about.

What is PCI DSS?

PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of requirements designed to ensure that any business that processes, stores, or transmits credit card information maintains a secure environment that protects cardholder data. Upon approval, expect to receive a PCI compliance self-assessment questionnaire tailored to your business type. Contact your account representative with any further questions.

For more general information regarding PCI compliance, visit: https://www.pcisecuritystandards.org/.

How do I become PCI compliant?

After signing up, you should receive an email with your PCI questionnaire. If you don’t see it, no stress. Just email us at info@reddepayments.com and we’ll resend it.

What is the PCI Questionnaire?

The Self-Assessment Questionnaire (better known as the "SAQ") is a requirement that every merchant must complete in order to become PCI compliant. Once all questions on the SAQ are answered "Yes" or "N/A" with an explanation, you will earn compliant status. Depending on your business, you may be required to complete a scan of the outward-facing IP address given to you by your Internet Service Provider if you process credit card data through an Internet connection and/or fall under SAQ A-EP, B-IP, C, or D.

The SAQ itself is about 20-30 questions that review the proper guidelines for accepting payments and handling cardholder data. As a merchant, it is your responsibility to maintain the PCI "Compliant" status.

Example questions that may be on the SAQ:

1. Are only established connections permitted into the network?

2. Are anti-virus programs capable of detecting, removing, and protecting against all known types of malicious software (for example, viruses, Trojans, worms, spyware, adware, and rootkits)?

3. Are all anti-virus software and definitions kept current?

4. Are all users assigned a unique ID before allowing them to access system components or cardholder data?

5. Are appropriate facility entry controls in place to limit and monitor physical access to systems in the cardholder data environment?

How often do I need to take the PCI Questionnaire?

You will need to renew your compliant status annually. You should receive an email asking you to renew it. If you have not received your renewal email, please email us at info@reddepayments.com.