PCI Compliance Guide

If you own a merchant account, you are most likely familiar with the term “PCI Compliance.” It is just as likely that you do not know exactly what PCI compliance has to do with your business, which is why we created this easy-to-understand PCI Compliance Guide.

What is PCI Compliance?

The official term for anything related to PCI compliance is Payment Card Industry Data Security Standard (PCI DSS). The PCI compliance guide requirements apply to all companies that process credit cards, transmit credit card data or store credit card data. These requirements are designed to ensure that merchant account owners process and store credit card customer data in the most secure environment possible.

It is a fairly new requirement as it was implemented in 2006 by many of the major credit card companies such as Visa, Mastercard, American Express and Discover Card. If your business is not in compliance with the requirements, then you will start accruing fees and fines until you have met the requirements.

PCI Compliance Levels

It is stressful to many of our customers when they find out that they are no longer in compliance. If you do receive a notice stating PCI compliance issues, we recommend that you call SecureGlobalPay right away. We will work with you to help you figure out what area of your business is no longer PCI compliant. The first step we take is to figure out what level of PCI Compliance processing your business falls under. Each processing level has its own set of PCI compliance guide rules.

Merchant Level 4
A merchant account Level 4 is usually defined by the volume that is processed. Typically, it is no larger than $20,000 for ecommerce transactions and up to $1 million for any “types” of credit card processing. If you are at a level 4, there are typically 3 forms that the financial institution will ask you to fill out annually:

Annual Self-Assessment Questionnaire
Quarterly Network Scan by ASV
Attestation of Compliance Form

Merchant Level 3
Merchant Level 3 is very similar to merchant Level 4. Ecommerce transaction volumes are no larger than $20,000 and a merchant can process up to 1 million dollars per year.
You will also be asked to fill out the following forms:

Annual Self-Assessment Questionnaire
Quarterly Network Scan by ASV
Attestation of Compliance Form

Merchant Level 2
If you are a Level 2 merchant account owner, then you are processing volume between $1 million and $6 million annually. This volume is calculated for any and all transactions that you process with a credit card. The forms that you would fill out are the same as Level 3 and 4 and include:

Annual Self-Assessment Questionnaire
Quarterly Network Scan by ASV
Attestation of Compliance Form

Merchant Level 1
Merchant Level 1 covers any merchant account owner processing more than 6 million dollars annually through their merchant account. You may fall into this category level if you have had a data breach in the past that has resulted in sensitive customer data being compromised. Your compliance forms will be much more extensive and include:

Annual Report on Compliance filled out by Qualified Security Assessor (This form can only be filled out by the Qualified Security Assessor who will come to your place of business and perform an onsite audit)
Quarterly Network Scan by ASV
Attestation of Compliance Form

If you are processing in multiple locations, you will need to fill out forms for each location.

Which PCI Compliance Guide Form Should I Fill Out?

As noted above, each merchant level has to fill out a particular self-assessment questionnaire form. The PCI Compliance Guide is an actual self-evaluation questionnaire designed to look into how you securely handle the credit card processing for your business. There are eight different “types” of SAQ forms. It is important that you find the one that best describes your business.

SAQ A for Merchants – This form is specifically for merchant account owners who process cards that are not present. This is mainly for merchants who do business through an online portal, or over the phone. All processing is done offsite with a 3rd party merchant processor. These merchants will have no on-site equipment.

SAQ A-EP for Merchants – This is specifically for merchant account owners who receive income through an ecommerce website. However, all of their credit card processing is outsourced to a third party (i.e. authorize.net). They do absolutely nothing with cardholder data.

SAQ B for Merchants – This is for merchant account owners who have onsite credit card processing equipment but credit card data is not stored on these machines.

SAQ B-IP for Merchants – This is for merchant account owners who do not store any electronic card data on their terminals. They use a standalone payment terminal connected via an IP connection to process credit cards.

SAQ C-VT for Merchants – Merchant account owners that manually enter all of their credit card transactions via a keyboard into a virtual terminal and send them to be processed by a third party will want to fill out this form.

SAQ C for Merchants – This form is typically for merchant account owners with a credit card processing system that is connected to the internet.

SAQ P2PE-HW for Merchants – This is for all merchant account owners that only process credit card transactions through processing hardware.

SAQ D for Merchants – This form is for any merchant not covered in the list above.

What Are Vulnerability Scans or Quarterly Network Scans?

A vulnerability scan is usually done quarterly by an approved PCI compliant vendor. It is an automated procedure designed to scan a merchant account owner’s system and check for security vulnerabilities.

What is an Attestation of Compliance?

An Attestation of Compliance is simply a form signed by you that states you are participating in the quarterly vulnerability scans and filling out the SAQs.

If you are a SecureGlobalPay customer, we make it easy to be in compliance. We do not charge fees for merchants who complete their PCI Compliance Guide questionnaire. We have made the form simple and easy to understand. It will take just minutes, not hours, to complete and we are more than happy to walk you through this process, step by step. If needed, we can offer you instant results regarding your compliance status.

At SecureGlobalPay, our sales reps and staff are all trained in current, up-to-date security protocols and the PCI Compliance Guide. We will be more than happy to offer useful tips for safeguarding your business and customer information so you can continue to remain in compliance with industry standards and focus more on running your business and taking care of your customers.
