As we know, PCI DSS (Payment Card Industry Data Security Standard) has been made mandatory for all payment services that use online resources or web-based platforms to transmit money. The system has many benefits for online merchants and consumers, but some misleading information also circulates that calls the authenticity of the system into question.

The first and foremost piece of misleading information concerns the provisions on system upgrades and software maintenance. Merchants have been told that every year they need to upgrade the entire system, including the software and the hardware devices, at an expense equivalent to that of installing a new system. This information is not correct. As per the PCI Self-Assessment Questionnaire, there is no need for every merchant to upgrade the system or software, even after one year. Only those merchants whose business has expanded to a larger number of users of the payment gateway need to upgrade the system.

Most merchants have also heard that the system requires yearly inspection and firewall renewal, which is also not true. A firewall does not require renewal every year; that depends on the number of clients and workstations where PCI has been installed.