The Payment Card Industry Data Security Standard (PCI DSS) is a global standard mandated by the leading card schemes, including Visa and MasterCard, to reduce the risk of card data breaches.
You are a merchant. You should validate compliance to the level your bank instructs. Normally this is either a full audit or an assisted self-assessment.
You are a service provider. You are much more likely to require a full audit as service providers only have 2 levels to choose from.
You are both a merchant and a service provider. Being both is actually quite common and often misunderstood. You would require 2 Attestations of Compliance.
PCI compliance may not be strictly enforced on you, but you would likely be heavily involved in any of your customers’ audits if the service you provide can affect the security of card data. Full compliance means you are not constantly dragged into external audits, and it is also a selling point.
The numbers below reflect the Visa and MasterCard levels; both schemes run their programs via acquirers. Amex numbers are lower, and Amex runs its own program in the Australian market.
Level 1
Merchants processing over 6 million transactions per annum. Require a full Report on Compliance (ROC) assessment.
Level 2
Merchants processing between 1 and 6 million transactions. Banks in Australia generally accept a QSA-assisted Self-Assessment Questionnaire (SAQ) and will guide you on the validation required.
Level 3
Between 20,000 and 1 million ecommerce transactions. Can complete SAQ or ROC if they wish.
Level 4
All other merchants. Can complete SAQ or ROC if they wish.
Service providers only have 2 levels. It is perfectly acceptable for a Level 2 Service Provider to complete an SAQ rather than a full audit.
Level 1
Processing over 300,000 Visa or MasterCard transactions per annum. Require a ROC assessment.
Level 2
Processing fewer than 300,000 Visa or MasterCard transactions per annum. Can complete an SAQ, although some clients may, at their discretion, contractually require a ROC.