Best practices would be to certify each merchant ID (MID) number individually. Some businesses choose to certify by multiple MID numbers under one entity. However, if multiple locations are certified under one entity and a compromise were to occur, all MID numbers are subject to forensic investigation, versus only the identified MID.
Articles in this section
- How do I become PCI Compliant?
- What are the PCI compliance levels and how are they determined?
- If I only accept credit cards over the phone, does PCI still apply to me?
- My business has multiple locations; is each location required to validate PCI compliance?
- Are debit card transactions in scope for PCI?
- Am I PCI compliant if I have an SSL certificate?
- What are the penalties for noncompliance?
- What is defined as ‘cardholder data’?
- What is the definition of merchant?
- What constitutes a payment application?