The Payment Card Industry Data Security Standards are requirements designed to minimize theft and misuse of sensitive credit card data at every level of credit card processing.

Member Banks - Acquiring Bank and Card Issuing Banks. Merchants - Any merchant who accepts any of the major card brands, including Visa, Mastercard, American Express and Discover. Service Providers - Internet Gateways, Shopping Cart Vendors and Hosting Companies

The card associations require that cardholder information be handled and maintained in a secure fashion. ALL merchants are required to meet the PCI compliance guidelines

Compliance is the process of implementing the security controls and policies required by the standard. Validation is the process of proving that you are compliant. PCI compliance requires both functions to be performed.

You are required to validate compliance every 12 months.

You will receive a Certificate of Compliance once you have completed the required SAQ and scan, if required, that you will be able to provide to your new merchant service provider to validate your compliance.

A static IP address is the number assigned to a computer by an Internet service provider to be its permanent address on the Internet. If you have a static IP your IP address remains the same every time you log in. Once you have provided MAXpci with your IP address your scans will be performed without any action required on your part. A dynamic IP address is your IP address for only as long as you are logged in for a session on the Internet. Once you disconnect from the Internet, that dynamic IP address goes back into the IP address pool so it can be assigned to another user. Consequently you will rarely, if ever, have the same IP address twice.

MAXpci offers PCI compliance solutions via an on-line, automated self-assessment program developed to guide merchants through the PCI DSS compliance assessment and validation process. MAXpci offers merchants support through email, by chat, or by contacting our US-based support team. Level 3 and 4 PCI merchants are not required to validate self-assessment compliance through a QSA; therefore, MAXpci is not required to be a QSA. We partner with Viking Cloud, an Approved Scanning Vendor, (ASV), to run external vulnerability scans and provide technical support to merchants requiring a scan.