Secure Payments, PCI DSS, Regulatory Compliance Blog

Compliance Deadlines - globally

October 11th, 2007 by admin Posted in Compliance

Uta emailed to ask a question about compliance deadlines: “Having read a lot of confusing information on deadlines by which companies are supposed to have achieved PCI DSS compliance, I hope that you may be able to shed some light on this topic.”

It’s important to remember that although the PCI SSC manages the standard, it is the card brands that run individual compliance programs, through which they enforce compliance. This means that each card brand, and potentially each region, will have a different validation deadline. The reasons for this are differences in level definitions, risk levels, and the local payments architecture. It makes sense to those who are aware of these factors but sounds confusing to others.

The best answer to the question of compliance deadlines is always: ask your acquirer first, and then the card brand. The reason for this is that even though levels are listed on the card brand websites (see the resources section), the acquirer/processor may have more specific dates for the merchant or service provider.

As you can see with our conversations about compliance in Spain, it’s not as simple as one might imagine.
