Ensuring you are PCI Compliant

Payment Card Industry (PCI) Data Security Standards (PCI DSS) are technical and operational requirements set by the PCI Security Standards Council to protect cardholder data. The Council is responsible for managing the PCI DSS, while compliance with the PCI DSS is enforced by the founding members of the Council, American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

The PCI DSS applies to all organizations that store, process or transmit cardholder data. EVERY business that accepts card payments and stores, processes or transmits payment card data MUST MEET the PCI DSS.

Where to Begin

Filling out a self-assessment questionnaire (SAQ) is the best way to ensure your business is PCI compliant.

The chart below provides SAQs based on how your business processes credit and debit cards. Just determine which validation type you fit into, and click the letter in the last column to access the SAQ published by the Payment Card Industry Data Security Standard (PCI DSS) Council.

SAQ Validation Type Description SAQ Form
1 Card-not-present (e-commerce or mail/telephone-order) merchants. All cardholder data functions are outsourced. This does not apply to face-to-face merchants. A
2 Imprint-only merchants with no electronic cardholder data storage. B
3 Stand-alone terminal merchants with no electronic cardholder data storage. B
4 Merchants with POS systems connected to the Internet with no electronic cardholder data storage. C
5 All other merchants (not included in Types 1-4 above) and all service providers defined by a payment brand as eligible to complete an SAQ. D

If you need guidance, contact Heartland at 888.963.3600 or HeartlandServiceCenter@e-hps.com.

Addional PCI links

This section contains several additional links to web resources with information on what you, as a merchant, need to know about PCI compliance and the risks you face of non-compliance.

PCI Security Standards

PCI Self Assessment Questionnaire

Payment Application Data Security Standard


Wikipedia (PCI DSS)

List of Qualified Security Assessors (QSAs)