PCI DSS (Payment Card Industry Data Security Standard) is a set of #cybersecurity regulations for businesses handling credit card data.
Formed in 2004 by Visa, MasterCard, Discover, and American Express, it is administered by the Payment Card Industry Security Standards Council (PCI SSC).
PCI DSS applies to all merchants dealing with cardholder data, regardless of revenue and transaction volume.
Compliance is validated either annually or quarterly, and is performed by a firm-specific Internal Security Assessor (ISA) or an external Qualified Security Assessor (QSA).
There are four levels of compliance for merchants: they all depend on the volume of transactions for a particular brand within a year. Mastercard typically uses the same values as Visa.
- Level 4: < 20k transactions/year — Questionnaire (e-commerce only)
- Level 3: < 1M transactions/year — Questionnaire
- Level 2: < 6M transactions/year — Questionnaire + Quarterly vulnerability scans
- Level 1: ≥ 6M transactions/year — Full onsite audit + Vulnerability scans2
For service providers, there are just two levels of compliance. The PCI SSC document defines them as the following:
- Level 2: < 300k transactions/year — Questionnaire + Vulnerability scans
- Level 1: ≥ 300k transactions/year — Full onsite audit + Vulnerability scans
There are 2 partners of ePrivacyNow that are ISA and QSA these are SISA and QRC Solutions and our Payment Partner AltPaynet(Level 1) has the highest level of certification granted by the payments industry.
For more information on how we can help you, book a consultation with us.