Payment Card Industry Data Security Standard (PCI DSS) Compliance

If you accept payment with credit cards or transmit or store any cardholder data, then the Payment Card Industry Data Security Standard (PCI DSS) applies to you. PCI DSS requirements apply to any credit, debit or prepaid card transaction whether it’s online, via phone or in person. So, PCI DSS compliance applies to almost every merchant doing business.

PCI DSS compliance can be confusing and expensive to implement, particularly for small- and medium-size businesses. Not to fear, 38North can help untangle PCI DSS requirements that often appear subjective in their enforcement and interpretation. It’s what we do. Trust Us to Get You There.

Bank on 38North for PCI DSS Compliance

38North consultants have assessed organizations from numerous industries against all PCI DSS compliance requirements, and routinely conduct a variety of internal and external vulnerability assessments to identify security weaknesses.

PCI DSS Merchant Levels

Understanding PCI DSS begins with understanding your merchant level. Each level comes with varying degrees of assessment and review by internal and external assessors. Trust 38North to help ensure you’re in compliance and your consumers are protected. We work with companies of all sizes, from major to small.

Merchant Level 1

Major or Very Large

Organizations processing 6 million transactions or more per year are required to undergo an annual internal audit conducted by a qualified PCI auditor.

Quarterly PCI scans, administered by an approved scanning vendor, may also be required.

Merchant Level 2

Mid to Large

Companies processing between 1 and 6 million transactions annually must complete an annual risk assessment using the appropriate Self-Assessment Questionnaire (SAQ).

Quarterly PCI scans, administered by an approved scanning vendor, may also be required.

Merchant Level 3

Midsize

A company processing 20,000 to 1 million transactions annually is required to conduct an annual risk assessment using the appropriate SAQ.

Quarterly PCI scans, administered by an approved scanning vendor, may also be required.

Merchant Level 4

Small Business

A business processing fewer than 20,000 eCommerce transactions and fewer than 1 million other transactions must complete an annual risk assessment using the appropriate PCI Self-Assessment Questionnaire (SAQ).

Quarterly PCI scans, administered by an approved scanning vendor, may also be required.

PCI DSS Risks and Requirements

Failure to comply can lead to stiff penalties from the major credit card companies, including American Express, Discover, JCB, MasterCard and Visa International. Even without a breach, noncompliant organizations can face substantial fines and even have their payment card privileges revoked. The results can be devastating, irredeemably destroying your credibility, customer loyalty, and ultimately your business.

38North PCI DSS Services

No matter your merchant level, every organization can use the eye of an experienced team to speed up the PCI DSS assessment process. From getting ahead of the full assessment, supporting you with the SAQ, and guiding post-assessment remediation and implementation, trust us to help you protect your customers.

Obtain PCI DSS Compliance with 38North

Book an initial PCI DSS compliance conversation with one of our global security experts today and we’ll show you how PCI DSS compliance can help open new markets and provide industry-leading assurance.
