PCI DSS Applicability Information
PCI DSS applies to all entities involved in payment card processing – including merchants, processors, financial institutions, and service providers, as well as all other entities that store, process, or transmit cardholder data and/or sensitive authentication data.
Cardholder data and sensitive authentication data are defined as follows:
The primary account number is the defining factor for cardholder data. If cardholder name, service code, and/or expiration date are stored, processed or transmitted with the PAN, or are otherwise present in the cardholder data environment, they must be protected in accordance with applicable PCI DSS requirements.
Course Merchant – PCI Compliance Information
Course Merchant itself is not a Payment Application. Course Merchant does not store, process or transmit credit card data. In all cases, Course Merchant connects to hosted payment pages from Internet Payment Services providers such as Authorize.net, Paypal, WorldPay, SagePay and others. Because of this, Course Merchant is not a Payment Application and it does not require PCI compliance. PCI compliance is gained via your account with an Internet Payment Application.
Further Information
Please see https://www.pcisecuritystandards.org, or visit https://www.pcisecuritystandards.org/document_library for the most recent PCI information.
