Quick Shopping Cart PCI Compliance FAQ
Use the information below to learn more about PCI compliance.
What is PCI compliance?
PCI compliance is conformity to security standards set by the Payment Card Industry (PCI) Security Standards Council to protect cardholder data. The PCI council is responsible for managing the security standards, while compliance with it is enforced by major payment card brands (such as Visa®).
Who needs to be PCI compliant?
PCI standards apply to all organizations that store, process, or transmit cardholder data. If you're a merchant that accepts payment cards, you're required to be compliant with the PCI Data Security Standard (DSS). You can find out your exact compliance requirements from your payment card brand or acquirer.
How do I become PCI compliant?
Merchants need to validate their processes and controls for PCI compliance based on requirements from their payment card brand or acquirer.
For example, Visa defines levels of compliance validation based on the volume of transactions, potential risk, and exposure introduced into the payment system by merchants and service providers.
For Level 2 - Level 4 merchants, validation generally occurs through the completion of a PCI DSS Self-Assessment Questionnaire (SAQ) and quarterly Approved Scanning Vendor (ASV) scans. Level 1 merchants must have a Qualified Security Assessor (QSA) who completes an annual report on compliance. A list of approved QSA companies is available on the PCI Security Standards Council website. For more information on Visa's PCI compliance validation process, see Visa's Merchant website.
Is Quick Shopping Cart PCI compliant?
Yes. Quick Shopping Cart® is fully PCI compliant. An annual audit is performed by a Qualified Security Assessor (QSA) to confirm that all PCI requirements are met for the Quick Shopping Cart environment. Assessment activities focus on our public-facing Web servers, back-end processing systems, cardholder storage database, administrative bastion hosts, supporting infrastructure, and firewalls.
NOTE: If you use Quick Shopping Cart, you still need to complete a PCI DSS Self-Assessment Questionnaire and report PCI compliance based on your merchant level if your payment card brand requests it.
Do I need to have my Quick Shopping Cart site scanned because my merchant processor says I do?
No. Customers using Quick Shopping Cart do not need to contract third party Approved Scanning Vendor (ASV) scans against their Quick Shopping Cart website.
We complete the following activities to achieve compliance as a Level 1 PCI Service Provider:
- The Quick Shopping Cart environment is scanned monthly by an ASV.
- An annual audit is performed by a Qualified Security Assessor (QSA) to confirm that all PCI requirements are met for the Quick Shopping Cart environment, including performance of scans by an ASV.
- The QSA submits the report on compliance for the Quick Shopping Cart service to Visa. Visa reviews the report and confirms our status as a PCI DSS validated service provider.
Is Shared, Dedicated, or Virtual Private Server PCI compliant?
No. Neither Shared, Dedicated, or Virtual Private Server is PCI compliant.