Interested in becoming PCI compliant? What kind of documentation do you need to become PCI compliant? Check out our helpful guidance and discover everything you need to know!
Today, every merchant or online retailer who accepts credit cards as a payment method is obligated to submit PCI (Payment Card Industry) compliance documentation. Not sure what kind of documentation you have to submit? Don't worry, you have come to the right place, and we are going to explain everything to you.
The first thing you need to do is to establish your level as a merchant (the level is defined by the credit card company). Each credit card company has its own compliance program, which takes into consideration the number of transactions. To complicate things even more, the credit card companies (American Express, MasterCard, Visa, etc.) differ in their levels and in their submission requirements and documentation.
For instance, Level 4 retailers, according to Visa's criteria, are businesses that have up to 1 million Visa transactions per year. MasterCard, on the other hand, categorizes the businesses which have over 1 million transactions per year as Level 3 retailers, and American Express does not have Level 4 at all.
As you can see, each level has its own specific validation requirements, which automatically means that you need different documentation as well. For a Level 4 Visa retailer, validation is at the discretion of the bank, while the validation requirement for a Level 3 American Express retailer is to submit quarterly scans.
In order to establish your level, check the official websites of American Express, MasterCard, Visa, and Discover. Collect the number of transactions your business has per year (separated by credit card company), consult with the bank, and you will receive all the information you need.
Once you have determined your level, you need to prepare your PCI compliance validation documentation. You need to determine which SAQ is the suitable one to submit for your business, and you are also obligated to submit quarterly external scans.
There are four SAQ types (A, B, C, and D). Which one applies depends on factors such as whether your business uses its own system to process credit card payments, accepts credit cards electronically or in person, stores cardholder data, etc. Determine the SAQ type and establish the documents you need to submit.