To whom do the PCI regulations apply?

May 25, 2018 in PCI Standards

The PCI DSS standards apply to all entities that process, store or transmit cardholder data. This includes all merchants and service providers with external-facing IP addresses that touch credit card acceptance. Even if your website does not offer web-based transactions (for example, you link to a payment gateway), there are other services that make systems Internet-accessible. Basic functions such as e-mail and employee Internet access make a company’s network reachable from the Internet. These seemingly insignificant paths to and from the Internet can provide unprotected pathways into merchant and service provider systems if not properly controlled.