Frequently Asked Questions

< Back to search page

PCI DSS provides a common data security standard across all payment brands. Are there any plans to provide a common structure of penalties and/or fines for non-compliance to this standard?

FAQ Response

The PCI Security Standards Council publishes and distributes PCI Security Standards, including errata and addenda, and all related documents associated with assessor, vendors and laboratory policies and procedures. Any fines and/or penalties associated with non-compliance with the PCI DSS are defined by the payment card brands. For further details, please contact the individual payment card brands directly.

February 2008
Article Number 1124

Does a QSA need to be onsite at the client’s premises for all aspects of a PCI DSS assessment?

If a merchant develops an application that runs on a consumer’s device (e.g. smartphone, tablet, or laptop) that is used to accept payment card data, what are the merchant’s obligations regarding PCI DSS and PA-DSS for that application?

What are acceptable formats for truncation of primary account numbers?

Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for onsite assessments?

What is the role of acquirers and assessors in determining the applicability of PCI DSS requirements for a merchant’s PCI DSS assessment?

Frequently Asked Questions

PCI DSS provides a common data security standard across all payment brands. Are there any plans to provide a common structure of penalties and/or fines for non-compliance to this standard?

Related Articles