PCI DSS CERTIFICATION

What is PCI DSS?

PCI DSS is the Payment Card Industry Data Security Standard, a set of security requirements for the protection of cardholder data.

Six card schemes participate: Visa, Mastercard, American Express, JCB, Discover and China UnionPay.

Who needs PCI DSS?

Companies that process, store or transmit payment card data.

Merchants show compliance to their acquirers.

Service Providers (SPs), such as banks and payment processors, show compliance to the card schemes*.

Why get PCI DSS?

  • Requirement of the card schemes
  • Requirement of the acquirers
  • Promote your business as payment-secure to customers and partners.

How often?

You need to renew your PCI DSS compliance annually.

How to get PCI DSS?

Your path is determined by two questions:

  1. Merchant or Service Provider?
  2. Number of transactions per year?

You either fill in a questionnaire yourself or get certified by a QSA company.

PCI Data

Cardholder Data:

  • PAN (primary account number)

Sensitive Authentication Data:

  • Track or chip data
  • PIN or PIN block
  • CVV2 (card security codes)

PCI Levels (SP)

Levels for Service Providers are set by the card schemes (e.g. Visa, Mastercard). The level depends on annual transactions per card scheme.

  • Level 1: > 300K (audit by a QSA)
  • Level 2: < 300K

PCI Levels (Merchants)

Levels for Merchants are set by the card schemes (e.g. Visa, Mastercard). The level depends on transactions per year.

  • Level 1: > 6M (audit by a QSA)
  • Level 2: 1M - 6M
  • Level 3: 20K - 1M
  • Level 4: < 20K

PCI DSS 4.0

Total: 280 requirements, of which 64 are new:

  • 13 effective immediately
  • 51 effective from March 31, 2025

Assessments can be conducted from August 2022.

Certification Path

  1. Scoping (1 day): the most important step. We make sure your scope is fully identified.
  2. Optimisation (2 days): we propose options for scope reduction, meaning less certification effort and less money spent.
  3. PCI Profile (1 day): we define the applicable requirements.
  4. Assessment (1-5 days): we do the assessment together: review of documentation, observation of processes, interviews.
  5. Remediation (from 1 day): you fix the findings, we validate them.
  6. Compliance (instant): congratulations! You are officially PCI DSS compliant and receive the Attestation of Compliance (AOC).

Why pciNow!

Professional

You get certified professionals in IT Security, Penetration Testing and Project Management.

Experienced

More than 400 PCI DSS assessments.

Responsible

World-known companies have already trusted their PCI compliance to our team.

Fast

We value your time and strive to amaze you with the speed of our service.


PCI Services

PCI DSS Certification

Annual certification with delivery of the AOC and ROC. We submit them to Visa and Mastercard.*


PCI 3DS Certification

We plan all the steps and help you understand the applicability of the requirements. Together we go through the certification process.


PCI PIN Security Certification

Need to validate your PIN security? We cover transaction processing operations (ATM/POS), Remote Key Distribution, CA/RA and Key Injection Facilities (KIF).


Point-to-Point Encryption Certification

Initial guidance, certification or annual re-validation. Get your Key Injection Facility included in the PCI listing.


ASV scans

Forgot your ASV scan?

PCI DSS requires quarterly external vulnerability scans by an Approved Scanning Vendor (ASV). Contact us and get scanned today.


Penetration tests

Want a good deep sleep?

We analyze your systems and make sure they are clean: PCI-required infrastructure and application penetration tests, plus phishing, USB, Wi-Fi and more.


Our Team

Denis, QSA

Specialization in Business Continuity (BS 25999), Information Security Management Systems (ISO 27001), European Data Protection law, Risk Management Systems (ISO 31000 and ISO 31100), Security in Finance, Security Investigations.

CISA, ITIL, ISO 27001 Lead Auditor, European Data Protection, Privacy Program Management

Experience: 16 years

Dmitriy, QSA

Specialization in ISO 27001, secure software development, incident management, threat analysis, development of governance documentation and training manuals, risk assessments.

CISSP, CISM, ISO 27001 Lead Auditor

Experience: 9 years

Vadim, Pentester

Proven penetration testing skills, researcher. Specializes not only in remote attacks, but also in wireless, USB-related, RFID-related, Bluetooth-related and various physical attacks.

OSCP (Offensive Security Certified Professional)

Experience: 12 years

Countries of Business

We operate in 124 countries across Europe and the CEMEA region.

Contact Us


Please send us an email: [email protected]