PCI Compliance

Meeting the Payment Card Industry Data Security Standards (PCI DSS)

PCI DSS are a set of standards to help protect businesses and shoppers from data theft and fraud. It is mandatory for all businesses who accept card payments to comply by getting a PCI certificate. This applies to all types of card payments: online, by mail, over the phone or using credit card terminals.

There are 4 levels of PCI DSS compliance. These are based on the number of transactions processed by a business annually and how they are processed.

Opayo has the highest level (Level 1) of PCI DSS certification. View our PCI DSS certificate. This can reduce your compliance requirements.

Becoming PCI DSS compliant

You should speak to your merchant acquiring bank so they can refer you to their preferred Quality Security Assessor (QSA).

No matter what type of payments you're accepting (online, over the phone or using card machines), you'll only need one PCI certificate for your business

PCI certificates for businesses accepting online payments

If you're processing payments online through your website, the requirements for Direct integrations vary according to the number of transactions that you will be processing:

Direct integration
Level 4 compliance	Level 4 compliance Less than 20,000 transactions/annum Simplified PCI compliance using an online self-assessment questionnaire with monthly or quarterly vulnerability scans. Complete PCI form SAQ D
Level 3 compliance	20,000 - 1M transactions/annum Remote assessment, compliance validation, monthly vulnerability scans (via 10 IPs) and SSL certificate validation. Complete PCI form SAQ D
Level 2 compliance	1-6M transactions/annum Remote assessment, compliance validation, monthly vulnerability scans (via 50 IPs) and SSL certificate validation. Complete PCI form SAQ D
Level 1 compliance	6M+ transactions/annum Onsite assessment, penetration test and monthly vulnerability scans.

pcisecuritystandards.org/document_library?category=saq&document=saq