Why Some Merchants Should Not Worry About PCI Part II

Yesterday, I wrote a post saying that the lady who cuts my hair needs to comply with 100% of the PCI standard. This was based on my experience in PCI in corporate environments, some of which do not actually store cardholder data and are pretty low volume.

Saying that all merchants must adhere to 100% of the entire standard is wrong. The correct statement is that all merchants must adhere to 100% of whichever SAQ Validation Type applies to them. The different validation types do indeed enforce only a small subset of the standard on many merchants, which was pretty much my major beef with PCI.

So, there you have it. PCI does have some reasonable requirements in place, depending on the circumstances of the transaction. I stand corrected.
