Ensuring You Are PCI Compliant
Payment Card Industry (PCI) Data Security Standards (PCI DSS) are technical and operational requirements set by the PCI Security Standards Council to protect cardholder data. The Council is responsible for managing the PCI DSS, while compliance with the PCI DSS is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
The PCI DSS applies to all organizations that store, process or transmit cardholder data. EVERY business that accepts card payments and stores, processes or transmits payment card data MUST MEET the PCI DSS.
Where to Begin
Filling out a self-assessment questionnaire (SAQ) is the best way to ensure your business is PCI compliant. The following links and the table at the bottom of this page provide you with the information you'll need to help you understand the requirements.
Links to Learning More About PCI
- PCI Overview — Find out what PCI is and why it's important for your business to become compliant. Click here.
- Decision Tree Diagram — Use this handy decision tree diagram to determine which validation type your business fits into so that you can complete the necessary compliance steps. Click here.
The chart below provides SAQs based on how your business processes credit and debit cards. Just determine which validation type you fit into, and click the letter in the last column to access the SAQ published by the Payment Card Industry Data Security Standard (PCI DSS) Council.
For additional help in determining which category best describes your business, click here.

| SAQ Validation Type | Description | SAQ Form |
|---|---|---|
| 1 | Card-not-present (e-commerce or mail/telephone-order) merchants. All cardholder data functions are outsourced. This does not apply to face-to-face merchants. | A |
| 2 | Imprint-only merchants with no electronic cardholder data storage. | B |
| 3 | Stand-alone terminal merchants with no electronic cardholder data storage. | B |
| 4 | Merchants with POS systems connected to the Internet with no electronic cardholder data storage. | C |
| 5 | All other merchants (not included in Types 1-4 above) and all service providers defined by a payment brand as eligible to complete an SAQ. | D |

If you need guidance, we are happy to assist you free of charge. Contact Heartland Payment Systems at 888.963.3600 or HeartlandServiceCenter@e-hps.com.