704-989-5398 info@xbsglobal.net

PCI Compliance and Payment Card Industry Data Security Standards


XBS Global partners all B2B merchant accounts with ConstrolScan for best practices in  PCI compliance.  We’ll walk you through the SAQ.  For our merchants who want or need to go the extra mile for compliance and security of  sensitive customer credit card data and banking information ControlScan provides all the latest tools and technolgies.

Frequently Asked Questions on PCI DSS

What is the merchants obligation regarding protection of sensitive customer credit card data?

What determines PCI Compliance?

PCI compliance for most merchants means successful completion of the SAQ or self assessment questionaire.  There are different SAQ’s and which assessment to complete is based on various merchant characteristics.  XBS Global provides step by step assistance for SAQ completion. The SAQ is an annual requirement to maintain compliance.

What happens if I'm not compliant?

Merchants who do not take or pass the SAQ risk full financial responsibility in data breach.  These merchants can then be refused credit card processing privileges by the card brands, be subjected to fines and/or be catapaulted into a more rigorous  level of PCI compliance obligations.

How To Get Started With it?

As soon as your XBS Global B2B merchant account is approved and active you will be reminded to take the SAQ within the first 90 days post activation.


What are the actual standards?

In addition to 12 foundational principles that are the core of the PCI DSS, the council has released in depth versions of current standards and recommendations the most recent of which is 3.2

PCI DSS are now considered mature with further releases only expected with new risk development and identification.

Where can I find more information?

XBS G,lobal has a series of recent blogs covering the basics of PCI Compliance as well as more indepth requirements for the larger merchant.  The PCI Security Council however is the aforemost expert as developers of the standards.

It doesn't have to be complicated.

We’re here to answer the questions that inevitably arise and assist you in your merchant responsibility to protect the card data your customers have entrusted you with.

Ready To Get Started?

PCI Standards Security Council

A global forum comprised of the card brands Visa, MasterCard, Discover, JCB International and American Express dedicated to standards, guidelines and solutions for the security of sensitive account data used in the payment card industry.  Click here for the most recent and up to date version of 3.2 PCI DSS from the council.

Sensitive Credit Card Data

Credit card data considered sensitive is the credit card holders name, the PAN or primary account number which is the credit card number, the CVV or CVC2 data codes, expiration dates and/or pins.


Foundational security standards consist of 12 basic rules that have changed little since the councils inception.  Increasingly savvy Cyberhacks and new web threats or vulnerabilities however increasing the need to minimize risk (PCI scope) and for tools like encryption as well as tokenization.  A thorough examination of the cardholder data environment (CDE) is recommended.

"The pessimist complains about the wind; the optimist expects it to change; the realist adjusts the sails"

– William Arthur Ward


Telephone us

in the foothills of the Blue Ridge Mountains: Landrum, SC


With an expert in AP Automation or B2B Payment Processing.  We've got it covered on both ends.

XBS Global  Process Profitably