
PCI Compliance Solutions

MainNerve Expertise

Learn About PCI Compliance

To give merchants and service providers a single, consistent set of security requirements, the PCI Security Standards Council (the Council) instituted the Payment Card Industry Data Security Standard (PCI DSS). Many versions have been released over the years as the Council learns about new threats and technological advances. The current version is PCI DSS 4.0; version 3.2.1 was retired on March 31, 2024, and the future-dated requirements of 4.0 (those marked as best practice until then) become mandatory on March 31, 2025.

PCI DSS provides a baseline of technical and operational requirements designed to protect account data.

Some of the requirements for PCI compliance can include:

Reports

A Report on Compliance (ROC) completed by a Qualified Security Assessor (QSA), or completed by an internal auditor and signed by an officer of the company.

Forms

Submittal of an Attestation of Compliance (AOC) form.

Ongoing Scans

Quarterly external vulnerability scans by an Approved Scanning Vendor (ASV), with passing results.

Ongoing Testing

Penetration testing of internal, external, and wireless networks, performed at least annually and after significant changes to the environment.


In Simple Terms: What Does This Mean?

PCI DSS applies to every entity that stores, processes, or transmits cardholder data, or that could affect the security of the cardholder data environment. Non-compliance can result in fines from the card brands and, ultimately, in a merchant losing its payment card processing privileges, which for most merchants means losing the business.

How Do I Become Compliant?

By determining which Merchant Level applies to you, scoping the PCI assessment to the systems that store, process, or transmit cardholder data (or are connected to them), and following through on the requirements for that level. Merchant levels are defined by the card brands rather than by the Council; the thresholds below follow Visa's definitions, and other brands use similar tiers.

Level 1

Merchants processing more than 6 million card transactions annually across all channels, or any merchant that a card brand designates as Level 1 (for example, after a data breach).

Requirements include an annual onsite assessment by a Qualified Security Assessor (QSA) documented in a Report on Compliance, quarterly external scans by an Approved Scanning Vendor (ASV), penetration testing and risk assessments, and, under 4.0, the additional controls that the new version introduces (such as targeted risk analyses to justify how often certain controls are performed).

Level 2

Merchants processing 1 million to 6 million card transactions annually across all channels.

They are required to complete an annual Self-Assessment Questionnaire (SAQ), quarterly external scans by an ASV, penetration testing, and risk assessments. They should also provide ongoing security awareness training so that employees keep up with current security practices.

Level 3

Merchants processing 20,000 to 1 million e-commerce transactions annually.

Merchants in this category are required to complete an annual SAQ, quarterly external scans by an ASV, and penetration testing. Because their exposure is primarily through e-commerce, they should also pay special attention to protecting public-facing web applications (for example, with a web application firewall) and regularly monitor those applications for vulnerabilities.

Level 4

Merchants processing fewer than 20,000 e-commerce transactions annually, or up to 1 million total transactions annually across all channels.

They must complete an annual SAQ and quarterly ASV scans if required by their acquirer or card brand. Because merchants in this category are typically small businesses, they are encouraged to reduce their PCI scope with cost-effective measures such as tokenization, or by outsourcing payment processing to third-party providers with strong PCI DSS compliance records.

