If your business accepts credit cards, whether over the internet or on paper, then PCI applies to your business. The general rule is that if you process, store, or transmit cardholder data, you must adhere to the Payment Card Industry Data Security Standard v2.0 (PCI DSS v2.0), which prohibits maintaining credit card information in multi-tenant environments.
Depending on the number of transactions performed annually, Merchants and Service Providers must conduct quarterly vulnerability scans and either fill out a Self-Assessment Questionnaire or have a Qualified Security Assessor audit the business entity against the PCI DSS.
Visit Visa’s website to learn more about the various Merchant and Service Provider levels: http://usa.visa.com/merchants/risk_management/cisp_overview.html
Next, go to the PCI Security Standards Council website at: https://www.pcisecuritystandards.org/saq/instructions_dss.shtml#navigating
On this page you will find an Instructions and Guidelines document, a self-assessment process overview, and the Self-Assessment Questionnaire to help you in your validation.
Contact your acquiring bank or payment processor to determine their expectations for your business.
If you choose not to comply with the PCI DSS then you risk:
Because Cloud Sites is a multi-tenant environment, it is not PCI-compliant. A Cloud Site can, however, be used as a flexible front-end to a payment gateway. For more information, see the article How to Utilize Cloud Sites in an E-commerce Solution.
© 2011-2013 Rackspace US, Inc.