What is PCI Compliance?
PCI compliance refers to the Payment Card Industry Data Security Standard (PCI DSS), a set of security requirements established by major card brands such as Visa, Mastercard, American Express, and Discover. These standards are designed to protect cardholder data and reduce the risk of fraud.
Any business that processes, stores, or transmits credit card information is required to validate PCI compliance on an annual basis.
Why PCI Compliance Is Required
PCI compliance is not optional. Card brands require annual validation to ensure that merchants are handling payment data securely. Maintaining compliance helps:
- Protect customer payment information
- Reduce the risk of data breaches and fraud
- Avoid monthly PCI non-compliance fees
- Maintain uninterrupted payment processing
Failure to complete PCI requirements can result in recurring non-compliance fees until validation is completed.
How PCI Compliance Works with BridalLive
BridalLive partners with Fullsteam for payment processing, and PCI compliance is managed through SecurityMetrics, an independent third-party compliance provider. Using a neutral third party ensures an unbiased and standardized compliance process.
Important notes:
- BridalLive cannot complete PCI compliance on a merchant’s behalf
- BridalLive support does not review PCI questionnaires or scan results
- All PCI validation, scans, and remediation are handled directly through SecurityMetrics
Online Payments and Shopping Cart Monitoring
If your shop accepts any online payments—including appointment deposits, cancellation fees, or eCommerce checkouts—SecurityMetrics may require Shopping Cart Monitoring as part of your PCI validation.
This requirement is determined by SecurityMetrics based on how your shop accepts payments, not by BridalLive. BridalLive cannot assess whether Shopping Cart Monitoring is required for your account and does not manage or configure this tool.
If Shopping Cart Monitoring is requested, SecurityMetrics will provide guidance on what is needed and how to complete setup. This is a common requirement for merchants accepting online payments and does not indicate a problem with your account.
What Merchants Are Required to Do
To remain compliant, merchants must:
- Complete an annual Self-Assessment Questionnaire (SAQ) through SecurityMetrics
- Complete quarterly vulnerability scans, if applicable
- Submit an Attestation of Compliance (AOC)
SecurityMetrics provides guided questionnaires and scan tools based on how your business accepts payments (terminal, computer, eCommerce, mobile, etc.).
PCI Fees Explained
- PCI Service Fee: Covers access to SecurityMetrics tools, questionnaires, scans, and support
- PCI Non-Compliance Fee: Applied monthly if compliance validation is not completed
Non-compliance fees are removed once valid PCI documentation is submitted.
Getting Help with PCI Compliance
All PCI-related questions—including compliance status, questionnaire assistance, scans, or remediation—must be directed to SecurityMetrics Support. This ensures compliance remains independent and aligned with card brand requirements.
If you have attempted to contact SecurityMetrics and have not received a response within their stated timeframe, BridalLive or Fullsteam may assist with coordination after a ticket has been submitted.
Important Security Reminder
For security reasons:
- Never share credit card numbers, CVV codes, or sensitive payment data via email or support tickets
- BridalLive support will never request full card details
Summary
PCI compliance is a required, annual responsibility for all merchants accepting card payments. By completing PCI validation through SecurityMetrics, you help protect your customers, your business, and your ability to process payments securely.