PCI DSS is a set of security standards designed to ensure that companies that handle credit card transactions maintain a secure environment.
How a company proves that they are PCI-compliant depends on their reporting level, which itself is determined by the volume of transactions that company handles. Level 1 (the highest) is reserved for companies handling over 6 million transactions per year.
Below level 1, companies are only required to complete a Self-Assessment Questionnaire (SAQ) to confirm they are PCI compliant. The exact SAQ depends on various factors, including whether the company handles or stores card details.
At level 1, in addition to a questionnaire, companies are required to produce a report by a Qualified Security Assessor (QSA).