Skip to main content

What is the process for getting a site certified as PCI-compliant?

See graphs for all steps here:

    1. Determine your merchant level.
    2. Determine your validation type.
    3. Complete and report an attestation of compliance and self-assessment questionnaire (SAQ) annually.
    4. Complete and report results of all external vulnerability assessment scans (all public-facing IP addresses used to process, view, or handle credit card data require scans) performed by an approved scan vendor (ASV) quarterly.
    5. Create and update an information security policy annually.

Utilize a PCI scanning tool that will provide a report on the level of compliance. If there are any failures, they will need to be addressed and resolved before a rescan is to take place.

By Michael Cristancho

I'm a Digital Commerce and Experience evangelist who enjoys engaging in thought-provoking conversation and mutual exploration. I am a strong believer that learning never ends, and each day brings another opportunity to grow as an individual and professional.