PCI Compliance

Learn more about how to become PCI compliant.

What is PCI DSS?


PCI DSS stands for Payment Card Industry Data Security Standard. This is a set of requirements designed to ensure that any business or company that processes, stores or transmits credit card information preserve a secure environment that protects cardholder data. Upon approval expect to receive a PCI compliant self-assessment questionnaire tailored to your business type. Contact your account representative with any further questions.


For more general information regarding PCI Compliance visit: https://www.pcisecuritystandards.org/



How do I become PCI compliant?


Upon signup you should have received an email with your PCI Questionnaire. If you don't have the email, don't worry! Just email us at info@reddepayments.com so we can resend you the questionnaire.



What is the PCI Questionnaire?

The Self Assessment Questionnaire (or better known as a "SAQ") is a requirement that every merchant must take in order to become PCI compliant. Once all questions on the SAQ are answered as "Yes" or "N/A" with an explanation, you will earn the compliant status. Depending on the business you may be required to complete a scan of your outward facing IP address given to you by your Internet Service Provider if you process credit card data through an Internet connection and/or fall under SAQ A-EP, B-IP, C, or D.


The SAQ itself is about 20-30 questions that review the proper guidelines to accepting payments and handling cardholder data. As a merchant, it is your responsibility to maintain the PCI "Compliant" status.



Example questions that may be on the SAQ:


1. Are only established connections permitted into the network?

2. Are anti-virus programs capable of detecting, removing, and protecting against all known types of malicious software (for example, viruses, Trojans, worms, spyware, adware, and rootkits)?

3. Are all anti-virus software and definitions kept current?

4. Are all users assigned a unique ID before allowing them to access system components or cardholder data?

5. Are appropriate facility entry controls in place to limit and monitor physical access to systems in the cardholder data environment?



For more general information regarding PCI Compliance visit: https://www.pcisecuritystandards.org/



How often do I need to take the PCI Questionnaire?

You will need to become compliant annually. You should receive an email for you to renew your "compliant" status. If you have not received your email for renewal, please email us at info@reddepayments.com.