Frequently Asked Questions

< Back to search page

Do ISPs that provide only internet connection need to comply with the PCI DSS?

FAQ Response

If the ISP only provides a “pipe” for internet access, then it is not considered a service provider and is not subject to PCI DSS compliance. However, if the ISP is providing additional services such as firewalls or hosting functions, it is considered a service provider and would need to comply with the PCI DSS.

March 2009
Article Number 1044

What are acceptable formats for truncation of primary account numbers?

If a merchant develops an application that runs on a consumer’s device (e.g. smartphone, tablet, or laptop) that is used to accept payment card data, what are the merchant’s obligations regarding PCI DSS and PA-DSS for that application?

How can an entity ensure that hashed and truncated versions cannot be correlated, as required in PCI DSS Requirement 3.4?

How does PCI DSS apply to VoIP?

How does encrypted cardholder data impact PCI DSS scope for third-party service providers?

Frequently Asked Questions

Do ISPs that provide only internet connection need to comply with the PCI DSS?

Related Articles