A.) According to the PCI DSS documentation,
“PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accepts, transmits
or stores any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly
using a credit card or debit card, then the PCI DSS requirements apply.”
We are compliant, because we do not receive any Payment Card Industry data. Our POS integration module is designed to receive workstation events rather than card specific data (i.e. void on register #23).
Because eConnect adheres to the highest security standards and technologies, we are happy to participate in any PCI audit or certification of the local eConnect server. PCI Certifications are completed at the property/installation level. They are conducted by 3rd parties, and eConnect does not cover the cost of these audits.
If PCI certification is not 100% necessary, but you would still like to alleviate any potential liability of your department, we are happy to draft a letter stating our compliance.