PCI DSS
Since the site goes through the entire payment process, the site must ensure the security of card data and their protection.
Vulnerability scans and virus scans should be performed quarterly to validate security compliance. Scanning must be done by an authorized scanning provider
Vulnerability scans and virus scans should be performed quarterly to validate security compliance. Scanning must be done by an authorized scanning provider
| Level | Number of operations | Annually | Quarterly |
|---|---|---|---|
| Level 1 | More than 6 million | Submit a Report on Compliance ("ROC") prepared by a Qualified Security Assessor ("QSA") or an internal auditor if such report is signed by the head of the company. We recommend PCI SSC Internal Security Assessor ("ISA") status to your internal auditor. Submit the Attestation of Compliance ("AOC") Form | Conduct quarterly network scans by an Approved Scan Vendor ("ASV") organization |
| Level 2 | 1-6 million transactions | Conduct a conformity assessment by completing an Assessment Questionnaire ("SAQ"). Submit the Attestation of Compliance ("AOC") Form | Conduct quarterly network scans by an Approved Scan Vendor ("ASV") organization |
| Level 3 | 20 thousand - 1 million | Conduct a conformity assessment by completing an Assessment Questionnaire ("SAQ"). Submit the Attestation of Compliance ("AOC") Form | Conduct quarterly network scans by an Approved Scan Vendor ("ASV") organization |
| Level 4 | less than 20 thousand | Conduct a conformity assessment by completing an Assessment Questionnaire ("SAQ"). Submit the Attestation of Compliance ("AOC") Form | Conduct quarterly network scans by an Approved Scan Vendor ("ASV") organization |