Home > Ask the Security Channel Experts > PCI DSS Compliance Questions & Answers > PCI DSS compliance: All or nothing?
Ask The Security Channel Expert: Questions & Answers
EMAIL THIS

PCI DSS compliance: All or nothing?

Retired Expert - John Kindervag EXPERT RESPONSE FROM: Retired Expert - John Kindervag

Pose a Question
Other Security Channel Categories
Meet all Security Channel Experts
Become an Expert for this site


Security Channel Update
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 10 July 2007
I have a quick question about PCI. Say a company has two e-commerce brands: A and B. The IT infrastructures for A and B are separated. When this company is focusing on getting A compliant, is it necessary to get B compliant as well?

>
First let me note that both brands need to be in compliance with the Payment Card Industry's Data Security Standard (PCI DSS). There may be different levels of validation that need to be done between Brand A and Brand B. However, this issue is really for the merchant's acquirer (typically the credit card processor) to determine. For example, if Brand A uses Acquirer 1 and Brand B uses Acquirer 2, then each acquirer will make a determination regarding the validation requirements for each brand. In the end, the acquirer will make this decision.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED CONTENT
PCI DSS Compliance
How to ensure PCI-compliant firewall configurations
Vulnerability mitigation for PCI compliance
Avoiding conflicts of interest in PCI security assessments
Value-adds for PCI auditors

Regulatory Compliance
Red Flags Rules compliance: Are your customers informed?
PCI compliance guide: A resource for solution providers
PCI DSS pre-assessment services: Prelude to a QSA
The impact of PCI compliance on the channel
Compliance drives opportunities for security integrators
How to turn the HIPAA compliance changes into opportunities
Data protection services offer revenue for security solution providers
Agiliance and McAfee partner for better governance, risk and compliance services
SonicWall announces partnership with Western NRG
Building a framework-based compliance program

PCI DSS compliance
Web application security best practices: Tips on implementation
Application security expertise a plus when offering WAF services
PCI wireless guidelines translate to dollars for VARs
PCI compliance guide: A resource for solution providers
PCI DSS pre-assessment services: Prelude to a QSA
The impact of PCI compliance on the channel
The importance of PCI compliance
PCI compliance services FAQ
Channel Checklist: Top five PCI compliance mistakes and how to avoid them
PCI compliance: Web application firewall vs. code review

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice

HomeNewsTopicsITKnowledge ExchangeTipsMultimediaWhite PapersBlogsEvents
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2006 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts