Do you run a business that processes, transmits, or stores credit card information?

If so, you must comply with the Payment Card Industry Data Security Standard (PCI DSS).

Whether you’re a traditional brick-and-mortar storefront, a web-based merchant, or some combination of the two, it doesn’t matter. The PCI DSS regulations are designed to keep your customers' credit card data safe and secure from cybercriminals and other bad actors on the internet.

But exactly how your business needs to comply with the PCI DSS depends on the number of transactions you process. To further complicate things, you’ll need to be compliant with each credit card brand under the PCI DSS: Visa, Mastercard, American Express, Discover, and JCB.

But no matter your business – whether you’re a tiny local coffee shop or a multinational corporation – 1st Secure IT can help.

We’ll help you understand what you need to do to obtain PCI DSS compliance, so you can continue to provide the high-quality goods your customers have come to expect from you.

Categories Of Merchant PCI DSS Compliance

While the merchant levels vary by card brand, in general the PCI DSS outlines four different levels of merchant compliance, depending on the number of transactions processed each year.

It’s important to note that your merchant level is ultimately determined by your acquiring bank.

PCI DSS Level 1 Compliance

A level 1 merchant is the highest merchant level in the PCI DSS.

If your company is a level 1 merchant, it means you’re processing the following:

Visa/Mastercard/Discover – over 6 million transactions annually

American Express – over 2.5 million transactions annually

JCB – over 1 million transactions annually

If your organization has recently suffered a data breach, you may find yourself considered a level 1 merchant as well.

Because level 1 merchants have the highest risk – whether due to number of transactions or recent data breach – the requirements are the strictest. This includes:

  • An annual report on compliance (ROC) done by a qualified security assessor (QSA)
  • A network scan done at least once per quarter by an approved scan vendor (ASV)
  • A completed attestation of compliance

PCI DSS Level 2 Compliance

If your company is PCI DSS level 2, you’re processing:

Visa/Mastercard/Discover – between 1 and 6 million transactions annually

American Express – between 50,000 and 2.5 million transactions annually

JCB – fewer than 1 million transactions annually

In order to remain PCI DSS compliant, level 2 merchants need to have:

  • A completed self-assessment questionnaire (SAQ) once a year
  • A network scan done at least once per quarter by an approved scan vendor (ASV)
  • A completed attestation of compliance

PCI DSS Level 3 Compliance

If your company is PCI DSS level 3, you’re processing:

Visa/Mastercard/Discover – between 20,000 and 1 million transactions annually

American Express – fewer than 50,000 transactions annually

It’s worth noting that for JCB, there is no level 3 compliance.

PCI DSS level 3 compliance requirements are the same as level 2:

  • A completed self-assessment questionnaire (SAQ) once a year
  • A network scan done at least once per quarter by an approved scan vendor (ASV)
  • A completed attestation of compliance

PCI DSS Level 4 Compliance

If your company is PCI DSS level 4, you’re processing:

Visa/Mastercard/Discover – fewer than 20,000 transactions annually

Neither JCB nor American Express has a level 4.

PCI DSS level 4 compliance requirements are the same as levels 2 and 3:

  • A completed self-assessment questionnaire (SAQ) once a year
  • A network scan done at least once per quarter by an approved scan vendor (ASV)
  • A completed attestation of compliance

PCI DSS Compliance Solutions

PCI DSS requirements can be a complex landscape to manage. Fortunately, 1st Secure IT is there for you.

We offer a number of solutions for merchants of all levels to keep you PCI DSS compliant as simply and pain-free as possible.

On-Site QSA Validation (Level 1 and 2 Merchants)

If you’re a level 1 or 2 merchant, you’re likely a high-level enterprise with millions of dollars in transactions passing through your organization.

Making sense of all this may seem overwhelming on its own. And then throw in 12 different compliance requirements? Yikes.

But 1st Secure IT is here for you.

For level 1 and 2 merchants, we offer an on-site QSA validation service. This is an all-in-one “hand holding” solution which will give you everything you need to maintain PCI DSS compliance.

You’ll get an experienced QSA on-site with you to:

  • Determine the scope of your compliance needs
  • Scan your network for vulnerabilities
  • Run a series of penetration tests
  • Run a gap analysis to test for what’s missing in your systems
  • Complete your report on compliance (ROC)
  • Fulfill any other PCI DSS needs you may have

To find out more about 1st Secure IT’s industry-leading QSA services, call us at 1-866-735-3369 or email us at info@1stsecureit.com

On-Site QSA Validation (Level 3 and 4 Merchants)

If you’re a level 3 or 4 merchant, you’re a smaller organization. You consider yourself an SMB, and you’re either a growing business or you’re planning on growing.

Your PCI DSS needs are different from those of a level 1 or 2 merchant, but they’re no less of a hassle. You still need to make sure you’re compliant if you want to keep accepting credit cards.

At this stage in your business, you can’t afford to get hit with a fine for non-compliance. Those fines are a hassle for a larger corporation, but they can destroy an SMB.

Don’t worry. 1st Secure IT has you covered.

When you work with 1st Secure IT, you’ll get a full service PCI Portal that will:

  • Walk you through the process of deciding which PCI self-assessment questionnaire (SAQ) is right for your business
  • Help you complete your SAQ
  • Scan your systems for vulnerabilities

We’ll keep you PCI DSS compliant, so you can continue to roll forward with your business plans secure in the knowledge that the PCI SSC won’t come knocking at your door. At the same time, you’ll be safer from data breaches and other attacks.

Approved Scanning Vendor (ASV) Vulnerability Scanning Service

Every system has vulnerabilities. Some have yet to be discovered, but others are well-known.

If you’ve been working with a complex set of systems, it’s important to implement a patch and vulnerability management strategy.

A patch is an update to existing software that adds functionality or corrects a defect. These are often released after a security researcher or a hacker finds a weakness in a piece of software.

Meanwhile, a vulnerability is a flaw or weakness which, if exploited, may result in an intentional or unintentional compromise of a system.

Patches are designed to fix vulnerabilities. Just as patching a hole in a boat keeps you dry so you can sail another day, a software patch fixes a leak of a different sort: a security leak.

In order to remain PCI DSS compliant, merchants need to conduct a vulnerability scan at least once per quarter.

1st Secure IT can help you.

Our quarterly ASV vulnerability scanning service provides tools that accurately and efficiently evaluate your IT security. We’ll find any weaknesses and offer you a plan to fix them.

The result is a safer, more secure business you can rely on.

To find out more about 1st Secure IT’s ASV vulnerability scanning service, call us at 1-866-735-3369 or email us at info@1stsecureit.com

Contact 1st Secure IT

If you’re a merchant that stores, transmits, or processes credit card transactions, you need to be PCI DSS compliant.

We can help.

Contact 1st Secure IT at 1-866-735-3369 or email us at .

We’ll be with you every step of the way to keep you compliant so you can avoid getting fined, and, more importantly, avoid a costly data breach.

Contact 1st Secure IT today, and keep yourself secure in an uncertain digital world.