PCI DSS applies to ALL companies that accept, process, store or transmit cardholder data, regardless of transaction volume or business size. Here are some frequently asked questions about PCI compliance:
Does PCI DSS still apply to my company if I only accept credit cards over the phone?
Yes. A card number read out over the phone and typed into a terminal or written down is still cardholder data, so phone (mail order/telephone order) acceptance is in scope. Every business that accepts card payments must comply with PCI DSS. If your company is breached while non-compliant and customer card data is exposed, you can be held liable for the resulting fines, assessments and costs.
Will PCI compliance apply to my company if we don’t store any credit card data?
If you accept debit or credit cards as payment, PCI compliance still applies to your company; not storing card data simply reduces the scope and makes compliance easier. Even if you never store card data, you still accept and transmit it, so you must document how it is handled and attest to your compliance status in a Self-Assessment Questionnaire (SAQ). Which SAQ applies depends on how you accept cards and how much of the handling is outsourced. We'll explain this in the next part.