Home > Ask the Security Channel Experts > PCI DSS Compliance Questions & Answers > PCI DSS compliance: All or nothing?
Ask The Security Channel Expert: Questions & Answers
EMAIL THIS

PCI DSS compliance: All or nothing?

Retired Expert - John Kindervag EXPERT RESPONSE FROM: Retired Expert - John Kindervag

Pose a Question
Other Security Channel Categories
Meet all Security Channel Experts
Become an Expert for this site


Security Channel Update
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 10 July 2007
I have a quick question about PCI. Say a company has two e-commerce brands: A and B. The IT infrastructures for A and B are separated. When this company is focusing on getting A compliant, is it necessary to get B compliant as well?

>
EXPERT RESPONSE
First let me note that both brands need to be in compliance with the Payment Card Industry's Data Security Standard (PCI DSS). There may be different levels of validation that need to be done between Brand A and Brand B. However, this issue is really for the merchant's acquirer (typically the credit card processor) to determine. For example, if Brand A uses Acquirer 1 and Brand B uses Acquirer 2, then each acquirer will make a determination regarding the validation requirements for each brand. In the end, the acquirer will make this decision.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
PCI DSS Compliance
How to ensure PCI-compliant firewall configurations
Vulnerability mitigation for PCI compliance
Avoiding conflicts of interest in PCI security assessments
Value-adds for PCI auditors

Regulatory Compliance Services
Channel Checklist: Top five PCI compliance mistakes and how to avoid them
How to establish decommissioning policies and procedures
Testing the firewall - Introduction
Working with Firewall Builder
Validated firewalls
Creating your checklist and Summary
Packet flow from all networks
System administration
PCI compliance: Web application firewall vs. code review
How will the planned changes in PCI-DSS affect the channel?

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice

HomeTopicsITKnowledge ExchangeTipsMultimediaWhite PapersBlogsEvents
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2006 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts