
Merchant’s Guide to PCI Compliance

The essential PCI Compliance Checklist.



What is PCI?

If you interact with credit card data in any way, you are subject to the PCI DSS standards.


PCI is a set of standards set by the major credit card providers in the market, such as Visa and Mastercard, working together to ensure the safety and security of credit and debit card data. The Payment Card Industry Data Security Standard (PCI DSS) is the specific set of requirements designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.




What are the Penalties for Non-compliance?

Identity theft is a concern for all of us. Failing to follow these standards not only amplifies a merchant’s risk of data breach and fraud; it may also result in severe penalties if a security breach is found to be the result of non-compliance. Businesses, and even the owners themselves, that fail to comply correctly may be denied the right to process card transactions altogether, in addition to the crippling financial burden of fines.


Getting Ahead

Get Ahead on PCI Compliance Anytime with these 10 Steps:

  • Install and maintain a firewall configuration to protect cardholder data.
  • Do not use vendor-supplied defaults for system passwords.
  • Protect stored cardholder data.
  • Encrypt transmission of cardholder data across open, public networks.
  • Protect all systems against malware and regularly update anti-virus software.
  • Develop and maintain secure systems and applications.
  • Regularly test security systems and processes.
  • Identify and authenticate access to cardholder data, and restrict overall access.
  • Track and monitor all access to network resources and cardholder data.
  • Maintain a policy that addresses information security for all personnel.

PCI Compliance Checklist

Maintaining a safe and secure system is only part of the necessary steps to ensure PCI Compliance. Following January 1st, 2019, all merchants are required to process credit card validations with at least PCI DSS version 3.2.1. Organizations wishing to be compliant and avoid penalties must evaluate their current compliance level, assess their security systems, remediate and fix vulnerabilities, and submit reports and documentation in order to file successfully.

Steps to ensure PCI Compliance



Before you get started, contact your merchant service provider (MSP) to check what forms and documentation you will need to submit. The PCI Security Standards Council (PCI SSC) released a new Data Security Evaluation Tool that helps assess your PCI DSS compliance and security policy. 



Determine your compliance level based on how your business is described in PCI general standards so that you are prepared for the following steps. There are different standards for various businesses based on: how you handle customer transactions, how you handle data, what credit card companies and banks you work with, and how much volume you handle.



Assess your operations as you fill out the self-assessment questionnaire (SAQ). There are nine different versions of the SAQ guidebook, so you will select the one that best applies to your business. The guidebook will walk you through a dozen different requirements for which you’ll give a “yes”, “no”, or “not applicable” answer. This will help you to identify the gaps in your company’s payment security.



At this point, you will know if your business falls short in any way. If this is the case, make necessary changes and security improvements to your system. Retake the SAQ to confirm that you are fully compliant.



Find a provider that uses data tokenization to store customers’ sensitive credit card information in a secure, web-based portal rather than on your local servers. Your systems then hold only a token that stands in for the card number, which keeps customer data safe and reduces your liability in the event of a breach.
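To make the tokenization point concrete, here is an added illustration (not code from REPAY or from this guide) of what a merchant keeps versus what a tokenization provider keeps. The vault is a constructed in-memory stand-in for the provider’s service; the token is random and cannot be reversed into the card number without the vault, so the merchant’s own records never contain a PAN. The class names and the test card number are assumptions made for the example.

```python
import re
import secrets


def _digits_only(pan: str) -> str:
    """Normalize a PAN by dropping spaces and dashes; raise on implausible length."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("PAN must be 13-19 digits")
    return digits


class TokenVault:
    """Constructed stand-in for the provider-side vault.

    In a real deployment this lives with the tokenization provider, outside the
    merchant's network, which is exactly why the guide recommends it.
    """

    def __init__(self) -> None:
        self._store: dict[str, str] = {}  # token -> PAN; only the provider holds this

    def tokenize(self, pan: str) -> str:
        digits = _digits_only(pan)
        # Random token: not derived from the PAN, so it leaks nothing if exposed.
        token = "tok_" + secrets.token_hex(16)
        self._store[token] = digits
        return token

    def detokenize(self, token: str) -> str:
        """Only the provider resolves tokens, e.g. when authorizing a charge."""
        return self._store[token]


class MerchantCustomerDB:
    """What the merchant keeps: a token plus non-sensitive display data."""

    def __init__(self) -> None:
        self.records: dict[str, dict[str, str]] = {}

    def save_card(self, customer_id: str, vault: TokenVault, pan: str) -> str:
        digits = _digits_only(pan)
        token = vault.tokenize(digits)
        # Last four digits are commonly shown to customers and are not a full PAN.
        self.records[customer_id] = {"token": token, "last4": digits[-4:]}
        return token

    def contains_pan(self, pan: str) -> bool:
        """Self-check a merchant might run: does our database hold a full PAN?"""
        digits = _digits_only(pan)
        return any(digits in repr(record) for record in self.records.values())

    def charge(self, customer_id: str, vault: TokenVault, amount_cents: int) -> dict:
        """Charge by token; the PAN is resolved inside the provider's vault only."""
        token = self.records[customer_id]["token"]
        resolved = vault.detokenize(token)
        # A real provider would forward to the card network here; we just confirm
        # the merchant-side call never needed the PAN itself.
        return {"token": token, "amount_cents": amount_cents, "pan_last4": resolved[-4:]}


if __name__ == "__main__":
    vault = TokenVault()
    db = MerchantCustomerDB()
    test_pan = "4111 1111 1111 1111"  # constructed test number, not a real card
    tok = db.save_card("cust-1", vault, test_pan)
    print(db.records["cust-1"])          # token and last4 only
    print(db.contains_pan(test_pan))     # False: no PAN stored by the merchant
    print(db.charge("cust-1", vault, 1999))
```

The check in `contains_pan` is the kind of thing an SAQ answer about stored cardholder data should be backed by: if it ever returns True, the merchant is storing PANs locally and the tokenization benefit is lost.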



Once you have updated your SAQ, you are ready to complete an attestation of compliance (AOC), a formal document stating that your business is fully compliant with all relevant PCI standards. A qualified security assessor can then review your work and create a report to validate your own findings.



File the paperwork by submitting the documents to your processor and/or acquiring bank. You’ll need to submit your SAQ, your AOC, and any other information that your evaluating organizations may request. This may include an external vulnerability scan.

Getting Help

Even though the process for becoming PCI compliant is somewhat straightforward, many technical standards can be confusing if you are not an expert in credit card processing and data security. If you are concerned about your ability to become PCI compliant on your own, it is a good idea to seek help from an outside authority that has expertise in PCI compliance and other data security best practices.


Next Steps

The good news is that REPAY is a 100% PCI-DSS compliant and integrated payment processing solution. We develop, maintain, and support our PCI Compliant credit card processing software to ensure that your business is secure and compliant with each transaction. There is no easier way to become PCI Compliant than working with the experts at REPAY who will guide you every step of the way.

REPAY offers flexible and integrated payment solutions for every business. REPAY is a gateway and processor that is trusted by thousands of merchants daily to process payments and works diligently to get you the lowest credit card processing rates, reduce your risk of breaches, chargebacks, and fraud, and provide the best solutions for your business. Batch processing, seamless integrations, and automation tools such as recurring billing increase your business’ efficiency and improve cash flow. From multiple payment methods to multiple currencies, we provide trustworthy service for every business and every payment. What’s more, we do this all at a negative cost to your company. REPAY is seamlessly integrated with hundreds of ERP, accounting, eCommerce, POS, and mobile applications. If a prebuilt integration is not available for the business solutions you use, an API is available to develop a custom integration, and our in-house development team is on standby to help. When it comes to payments, don’t settle for less than REPAY!

