What is PCI compliance for sub-merchants?

Gain a deeper understanding of Payment Card Industry compliance by reading below.

PCI DSS Basics

PCI DSS stands for Payment Card Industry Data Security Standard. This standard was established by major credit card companies to protect cardholder data and reduce the risk of security breaches. It is a set of 12 requirements that organizations must follow to achieve and maintain compliance with the standard. Compliance with PCI DSS helps to protect sensitive information and maintain the trust of customers and the security of transactions. 

Who Has to Comply?

  • Member banks (the acquiring bank and card-issuing banks).
  • Merchants (entities who accept major card brands, including Visa, Mastercard, American Express, and Discover).
  • Service providers (internet gateways, shopping cart vendors, and hosting companies).

PCI Compliance for Sub-Merchants

To use the AndDone portal, you must go through the process of creating a sub-merchant account. One of the requirements for sub-merchants is to attest to their PCI DSS (Payment Card Industry Data Security Standard) status annually.

For an AndDone sub-merchant, PCI DSS compliance requirements are minimal, since all of the technology is hosted by AndDone and the insurance provider doesn't store or handle credit card data. However, it is still necessary for AndDone sub-merchants to meet PCI DSS requirements and attest to their compliance. To simplify this process, AndDone has partnered with MAXpci, a PCI DSS compliance firm. MAXpci offers our AndDone sub-merchants a simplified way to meet the PCI DSS requirements.

What is MAXpci?

MAXpci is a web-based PCI DSS compliance firm specializing in helping merchants and sub-merchants meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS). AndDone has partnered with MAXpci to provide our merchants with a convenient and streamlined solution for achieving and maintaining PCI DSS compliance.

Once you have created a sub-merchant account with AndDone, you will receive an offer from MAXpci to assist you in meeting your PCI DSS obligations. MAXpci will email sub-merchants once per month until they either utilize the MAXpci service or opt out. By utilizing MAXpci's services, AndDone sub-merchants gain access to the expertise and resources needed to navigate the complex landscape of PCI DSS compliance.


**Please note: AndDone sub-merchants have minimal PCI DSS requirements, as all technology is hosted by AndDone, and credit card data is not stored or handled by our insurance provider. However, it is still necessary for them to meet PCI DSS requirements.**


If you need assistance or have further questions, please refer to our self-service Knowledge Base!