PCI DSS Certification

Protect cardholder data and achieve compliance with the Payment Card Industry Data Security Standard, endorsed by the world's leading payment brands.

Payment Security Standard

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to ensure that all organizations that accept, process, store, or transmit credit card information maintain a secure environment.

Established by the PCI Security Standards Council and endorsed by Visa, Mastercard, JCB, Discover, and American Express, PCI DSS compliance is mandatory for any entity involved in payment card processing. Non-compliance risks substantial fines, increased transaction fees, and potential loss of card acceptance privileges.

Visa, Mastercard, JCB, Discover, American Express

12 PCI DSS Requirements

1. Install and maintain network security controls
2. Apply secure configurations to all system components
3. Protect stored account data
4. Protect cardholder data with strong cryptography
5. Protect all systems against malware
6. Develop and maintain secure systems and software
7. Restrict access by business need-to-know
8. Identify users and authenticate access
9. Restrict physical access to cardholder data
10. Log and monitor all access to network resources
11. Test security of systems and networks regularly
12. Support information security with policies

Compliance Tiers

Merchant Levels

PCI DSS defines four merchant levels based on annual transaction volume, each with distinct validation requirements.

Level 1

6M+ transactions/year

Any merchant processing over 6 million card transactions annually across all channels, or any merchant that has suffered a data breach.

Annual Report on Compliance (ROC) by QSA
Quarterly network scans by ASV
Attestation of Compliance (AOC)
Penetration testing

Level 2

1M - 6M transactions/year

Merchants processing between 1 million and 6 million card transactions annually across all channels.

Annual Self-Assessment Questionnaire (SAQ)
Quarterly network scans by ASV
Attestation of Compliance (AOC)

Level 3

20K - 1M e-commerce transactions/year

Merchants processing between 20,000 and 1 million e-commerce transactions annually.

Annual Self-Assessment Questionnaire (SAQ)
Quarterly network scans by ASV
Attestation of Compliance (AOC)

Level 4

< 20K e-commerce transactions/year

Merchants processing fewer than 20,000 e-commerce transactions or up to 1 million non-e-commerce transactions annually.

Annual Self-Assessment Questionnaire (SAQ)
Quarterly network scans by ASV (recommended)
Compliance validation as required by acquirer

End-to-End Support

PCI DSS Services

Gap Assessment

Comprehensive review of your cardholder data environment against all PCI DSS requirements, identifying vulnerabilities and compliance gaps with a prioritized remediation plan.

Cardholder data flow mapping
Network segmentation review
Policy & procedure gap analysis
Scope reduction recommendations

Technical Evidence Automation

Streamline evidence collection and compliance monitoring with automated tools that reduce manual effort and ensure continuous compliance posture.

Automated evidence gathering
Continuous compliance monitoring
Vulnerability scan management
Configuration baseline tracking

QSA Services

Our Qualified Security Assessors conduct formal on-site assessments and produce the Report on Compliance required for Level 1 merchants and service providers.

On-site PCI DSS assessment
Report on Compliance (ROC)
Attestation of Compliance (AOC)
Remediation guidance & re-testing

Business-as-Usual Monitoring

Post-certification support to maintain PCI DSS compliance through ongoing monitoring, quarterly scans, and annual assessment preparation.

Quarterly ASV scan coordination
Annual reassessment preparation
Incident response planning
Change management oversight

Key Deliverables

ROC

Report on Compliance

A detailed document produced by a QSA following an on-site assessment. The ROC validates that an organization meets all applicable PCI DSS requirements and is required for Level 1 merchants.

AOC

Attestation of Compliance

A formal declaration signed by both the merchant and the QSA confirming PCI DSS compliance status. This document is shared with acquiring banks and payment brands as proof of compliance.

Extended PCI Capabilities

Beyond PCI DSS, we support organizations with specialized payment security frameworks.

PA DSS

Payment Application Data Security Standard

Certification for software vendors whose payment applications store, process, or transmit cardholder data. We guide application developers through the validation process to ensure their products meet PCI SSC security requirements.

PCI 3DS

3-D Secure Core Security Standard

Certification for organizations operating 3DS components such as Access Control Servers (ACS) and Directory Servers. We assess your 3DS environment against PCI 3DS Core Security requirements and prepare you for successful assessment.

Secure Your Payment Environment

Our PCI DSS specialists will assess your cardholder data environment and build a clear path to compliance.