What Is PCI Compliance?

Security lock on top of credit card

Whether you’re a small mom and pop shop, a restaurant owner, a nonprofit, or a service provider, all are at risk for having their systems and data compromised. In 2019, the Ponemon Institute reported that the average cost of a data breach is $3.92 million.* Taking the appropriate steps to help minimize your risk could assist with reducing your PCI scope and make it easier to become and remain PCI compliant.

We make cardholder security a top priority by investing in the tools and technology you need to protect your customers’ sensitive data. Our solutions help merchants quickly and easily complete annual assessments and validate PCI compliance.

The Basics of PCI Compliance

Introduced by the major card brands, the Payment Card Industry Security Standards Council (PCI SSC) formulated a set of guidelines to enforce a robust card data security process. Any merchant storing, processing, transmitting, or affecting credit or debit card information must always adhere to the standards and certify compliance annually. Regardless of your payment processing method, PCI compliance is a requirement for every business that accepts credit and debit cards.

PCI compliance is an ongoing data security effort each merchant must follow to help ensure customers’ credit card data is secure. Compliance isn’t just a one-time responsibility, but rather an on-going process that needs to be continually monitored and maintained for safety concerns and vulnerabilities.

How PCI Compliance Works

We offer online tools that can help you achieve PCI compliance anytime. Here are some steps you need to know in order to understand and move through the compliance process.

  1. Identify your PCI compliance level – There are four levels of PCI compliance. Levels are based on credit, debit, and prepaid transaction volume over a 12-month period.
    • Level 4 is for merchants that either process up to 1 million offline sales or fewer than 20,000 e-commerce transactions annually.
    • Level 3 is for e-commerce merchants that process between 20,000 and 1 million credit and debit card transactions annually.
    • Level 2 is for merchants that process between 1 million and 6 million card-based transactions a year. The channel used to capture payment data is irrelevant.
    • Level 1 is for merchants that process more than 6 million card transactions a year — regardless of whether they capture payment information online, over the phone, or in-person (at a checkout counter).
  2. Complete the appropriate PCI Self-Assessment Questionnaire (SAQ) – There are currently eight different SAQ types based on how a merchant processes transactions and handles cardholder data. A merchant can work with his or her payment provider to determine the appropriate SAQ to complete.
  3. Fill out your Attestation of Compliance (AOC) – Once the SAQ is complete, validate your compliance by completing the appropriate attestation form.
  4. Maintain PCI compliance throughout the year with the assistance of a Quality Security Assessor (QSA) and Approved Scanning Vendor (ASV) – These service providers will help you mend the security gaps and fix vulnerabilities.
  5. Submit documents to merchant acquirer/credit card processing company – Include your SAQ, AOC, and any scanning reports.

Solutions That Tie to PCI Compliance

We offer PCI compliance solutions that can help you reduce the time, costs, and resources spent on meeting the requirements. We help take the guesswork out of the process so you can get back to growing your business.

PCI Rapid ComplySM

Our PCI Rapid Comply online tool helps ease the PCI compliance process and reduce the headaches. You’ll benefit from a step-by-step SAQ tool to help complete the questionnaire, an integrated scanning tool for quarterly scans, and comprehensive support available via chat, email and phone to answer any questions you may have.


Encryption and tokenization work together to protect financial data during transactions. Encryption protects sensitive payment information while it is in transit for authorization by converting the payment card data into code that becomes unreadable to anyone without access permission. Tokenization replaces the cardholder account number by assigning randomly-generated numbers that are meaningless to fraudsters. TransArmor Data Protection tokenizes sensitive cardholder data from the time a consumer makes any form of payment, while data is in transit, and while that data is stored.

Why Do You Need PCI Compliance?

PCI compliance is more than just important – it’s mandatory. In the event of a breach, a non-compliant merchant may be subject to fines from the payment processor, legal fees, card replacement charges, costly forensic audits, brand damage, and termination of their card acceptance agreement. These serious consequences could potentially put a merchant out of business.

Let us help you achieve and maintain PCI compliance and avoid any catastrophic events. Contact us today to learn more about the resources and solutions available to help reduce your scope, minimize risk, and protect your small business or large business.