PCI DSS

Because the site handles the entire payment process, it must ensure the security and protection of card data.

Vulnerability scans and virus scans should be performed quarterly to validate security compliance. Scanning must be done by an authorized scanning provider.

| Level | Number of operations | Annually | Quarterly |
|---|---|---|---|
| Level 1 | More than 6 million | Submit a Report on Compliance ("ROC") prepared by a Qualified Security Assessor ("QSA") or an internal auditor if such report is signed by the head of the company. We recommend that your internal auditor hold PCI SSC Internal Security Assessor ("ISA") status. Submit the Attestation of Compliance ("AOC") Form. | Conduct quarterly network scans by an Approved Scan Vendor ("ASV") organization. |
| Level 2 | 1-6 million transactions | Conduct a conformity assessment by completing an Assessment Questionnaire ("SAQ"). Submit the Attestation of Compliance ("AOC") Form. | Conduct quarterly network scans by an Approved Scan Vendor ("ASV") organization. |
| Level 3 | 20 thousand - 1 million | Conduct a conformity assessment by completing an Assessment Questionnaire ("SAQ"). Submit the Attestation of Compliance ("AOC") Form. | Conduct quarterly network scans by an Approved Scan Vendor ("ASV") organization. |
| Level 4 | Less than 20 thousand | Conduct a conformity assessment by completing an Assessment Questionnaire ("SAQ"). Submit the Attestation of Compliance ("AOC") Form. | Conduct quarterly network scans by an Approved Scan Vendor ("ASV") organization. |

Self-assessment sheet template: Document Library
Instructions and recommendations for filling it out: File