Menu

How do you know if you are PCI compliant?

The most important approach in determining whether or not your company is PCI compliant is to fill out a PCI Self-Assessment Questionnaire. By following this procedure, you will be able to determine whether or not your company is in compliance. The current PCI DSS documents can be found on the PCI Security Standards Council website.

  1. First, take a look at how you currently gather and manage cardholder information. Examine your IT assets for vulnerabilities that a hacker could use to acquire cardholder information:
    • Is it safe to use your network?
    • Are passwords required for access to systems?
    • Do you have the most up-to-date antivirus and malware protection?
  2. After that, take steps to resolve those flaws. This could mean strengthening your e-commerce site's security or not keeping any credit card information at all. There's no reason to keep cardholder information on file unless you're using a recurring payment system. Your e-commerce platform should be able to track transactions for remarketing campaigns without collecting credit card details or other financial data, and you can conduct loyalty programs using a person's email or phone number.
  3. Finally, send your compliance reports to the banks or credit card companies with which you do business (e.g., Visa, MasterCard, American Express or Discover). You can get further compliance advice and avoid the penalties and fees that could result from not following PCI compliance guidelines.

The Security Standards Council has broken compliance down into four fundamental levels to make it as simple as possible. Use the helpful guide below to figure out where you belong:

Level 1

  • Organizations that annually process more than 6 million transactions of Visa or MasterCard, or more than 2.5 million for American Express; or
  • Have experienced a data breach; or
  • Are deemed “Level 1” by any card association (Visa, Mastercard, etc)
  • Annual Report on Compliance (ROC) by a Qualified Security Assessor (QSA)—also commonly known as a Level 1 onsite assessment—or internal auditor if signed by an officer of the company
  • Quarterly network scan by Approved Scan Vendor (ASV)
  • Attestation of Compliance (AOC) for Onsite Assessments–there are specific forms for merchants and service providers

Level 2

  • Organizations that process between 1-6 million transactions annually
  • Annual PCI DSS Self-Assessment Questionnaire (SAQ)—there are 9 SAQ types shown briefly in the table below
  • Quarterly network scan by Approved Scan Vendor (ASV)
  • Attestation of Compliance (AOC)—each of the 9 SAQs has a respective AOC form

Level 3

  • Organizations that process between 20,000-1 million online transactions annually
  • Organizations that process less than 1 million total transactions annually
  • Annual PCI DSS Self-Assessment Questionnaire (SAQ)—there are 9 SAQ types shown briefly in the table below
  • Quarterly network scan by Approved Scan Vendor (ASV)
  • Attestation of Compliance (AOC)—each of the 9 SAQs has a respective AOC form

Level 4

  • Organizations that process fewer than 20,000 online transactions annually; or
  • Organizations that process up to 1 million total transactions annually

Have other questions?

If you need further assistance or answer, please don't hesitate to contact us.

Have other questions?

The Media

Finextra One IBC Yahoo Finance
About us

who we are

about us

We are honored to serve as your reliable business partner and financial service provider in the industry and other business-related services. With the help of our professional staff, to help merchants to achieve their goals for the development and expansion of the international business market.

Our payment flow has developed in the e-commerce world to perform seamlessly and effectively across all platforms and devices. We take pleasure in combining technology with customer service, to solve your concerns at the moment.

PayCEC is a fully worldwide payment network that not only allows merchants to be paid immediately and securely, but also allows them to withdraw money in multiple currencies to their company accounts.

We will contact you shortly.

Email Phone
Scroll top