Continuing our last blog post, here are three additional myths about PCI DSS we believe should be addressed.

1. Using a third-party processor exempts merchants from PCI compliance mandates.  Such an arrangement may decrease merchants’ exposure to risk, making it easier to satisfy the requirements for  validating compliance. However, it doesn’t otherwise exempt any retailer or restaurant operator from PCI DSS compliance requirements.
2. Using PCI-compliant technology at the physical point of sale constitutes PCI compliance by default.  While this may be the case, remember that PCI guidelines also require the implementation of measures to ensure the physical security of networks and payment technology as well as the maintenance of written security policies. Although it is critical that terminals and other point of sale hardware be PCI- compliant, compliance as a whole doesn’t stop there.
3. PCI DSS compliance is just for protecting consumer cardholder data. No, it’s more than that. Data security as a whole is becoming increasingly complex. Most, if not all merchants  have many assets—from human resources records, to proprietary material—to protect.

pcAmerica stands ready to assist retailers and restaurant operators with their PCI DSS compliance. Simply visit www.pcamerica.com.