I’m already using a “PCI-compliant” terminal/gateway. Why must my account be certified for PCI compliance?
The PCI Security Standards Council has various requirements programs. The Payment Application Data Security Standard (PA-DSS) is a set of requirements to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and to ensure that their payment applications support compliance with the PCI DSS.
Use of a terminal/gateway that runs PA-DSS-certified software is one of many components that are evaluated in the assessment of an account’s PCI DSS compliance.