Though a POS Software System can be fully PA-DSS compliant, that does in fact not necessarily mean that the merchant is compliant by default. The POS system integrator must assure that they follow the implementation guide provided by the POS software company and the responsibility does not stop there. The merchant must assure they they perform quarterly network scans and submit their SAQ (Self-Assessment Questionnaire) to remain compliant. Additionally they are responsible for properly training their staff and taking responsibility to help assure their employees do not put their business nor their clients credit card information at risk.

We all have to take part in protecting card-holder data. It is unfortunate that many merchant account holders simply feel that POS companies are trying to squeeze an extra dollar out of them when in reality they are often helping them protect their clients data with the latest in security standards that help thwart the threats in the computing environment in the 21st century.