Frequently Asked Questions

< Back to search page

Do ISPs that provide only internet connection need to comply with the PCI DSS?

FAQ Response

If the ISP only provides a “pipe” for internet access, then it is not considered a service provider and is not subject to PCI DSS compliance. However, if the ISP is providing additional services such as firewalls or hosting functions, it is considered a service provider and would need to comply with the PCI DSS.

March 2009
Article Number 1044

Who has to comply with the PCI standards?

If a merchant develops an application that runs on a consumer’s device (e.g. smartphone, tablet, or laptop) that is used to accept payment card data, what are the merchant’s obligations regarding PCI DSS and PA-DSS for that application?

What are acceptable formats for truncation of primary account numbers?

How does encrypted cardholder data impact PCI DSS scope for third-party service providers?

How does PCI DSS apply to VoIP?

Frequently Asked Questions

Do ISPs that provide only internet connection need to comply with the PCI DSS?

Related Articles