Learn About PCI Compliance

The PCI Security Standards Council instituted the Payment Card Industry Data Security Standard (PCI DSS). The standard has been revised many times over the years as new threats and technological advances emerge. The current version is PCI DSS 4.0, and compliance with it is required by March 31, 2025.

PCI DSS provides a baseline of technical and operational requirements designed to protect account data.

Some of the requirements for PCI compliance can include:

Reports: A Report on Compliance (ROC) submitted by a Qualified Security Assessor (QSA) or signed by an Internal Auditor who is an officer of the company.

Forms: Submittal of an Attestation of Compliance (AOC) form.

Ongoing Scans: Quarterly scans by an Approved Scanning Vendor (ASV).

Ongoing Testing: Penetration testing on internal, external, and wireless networks.

In Simple Terms: What Does This Mean?

PCI DSS requires ALL entities involved in payment card processing to be in compliance with PCI DSS. Non-compliance can result in a merchant losing its payment card processing privileges and, subsequently, its business.

How Do I Become Compliant?

By determining the scope of the PCI audit that applies to your Merchant Level and following through on the requirements.

Level 1

Merchants processing over 6 million card transactions annually across all channels, or any merchant that has experienced a data breach.

Requirements include an annual onsite assessment by a Qualified Security Assessor (QSA), quarterly network scans by an Approved Scanning Vendor (ASV), penetration testing and risk assessments, and, under 4.0, increased internal controls.

Level 2

Merchants processing 1 to 6 million card transactions annually across all channels.

They are required to complete an annual self-assessment questionnaire (SAQ), quarterly network scans by an ASV, penetration testing, and risk assessments, and they should also implement ongoing training to maintain employee awareness of security practices.

Level 3

Merchants processing 20,000 to 1 million e-commerce transactions annually.

Merchants in this category are required to complete an annual SAQ, quarterly network scans by an ASV, and penetration testing. They should also pay special attention to web application firewalls and regularly monitor their applications for vulnerabilities.

Level 4

Merchants processing fewer than 20,000 e-commerce transactions, or up to 1 million total transactions across all channels, annually.

They must complete an SAQ and quarterly network scans if required by the card brand. Because merchants in this category are small businesses, they are encouraged to implement cost-effective security measures like tokenization or outsourcing payment processing to third-party providers with strong PCI DSS compliance records.
