Abacode Team


PCI-DSS Regulation

Does Your Organization Handle Cardholder Data?

Find Out What Your Organization Has to Do to Comply with PCI DSS Security Regulations!

The PCI Security Standards Council is an international organization that established the Payment Card Industry standards for securing cardholder data around the world.

The requirements vary depending on the level of organization. Click here to figure out which level you are and get an idea of what you’ll need to do to comply.



PCI DSS Requirements

Build and Maintain a Secure Network

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  1. Protect stored cardholder data
  2. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

  1. Use and regularly update anti-virus software or programs
  2. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  1. Restrict access to cardholder data by business need-to-know
  2. Assign a unique ID to each person with computer access
  3. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  1. Track and monitor all access to network resources and cardholder data
  2. Regularly test security systems and processes

Maintain an Information Security Policy

  1. Maintain a policy that addresses information security for employees and contractors

4 Levels of PCI



Merchants that handle:

  • 6 million+ Visa, Mastercard, or Discover transactions per year
  • 2.5 million+ American Express transactions per year
  • 1 million+ JCB transactions per year

Merchants that have suffered a data breach or cyberattack resulting in compromised cardholder data or that have been identified by a card issuer as Level 1


  • Annual Report on Compliance (ROC) by a Qualified Security Assessor (QSA)
  • Quarterly network scan by an Approved Scan Vendor (ASV)
  • Attestation of Compliance Form


Merchants that handle:

  • 1-6 million Visa, Mastercard, or Discover transactions per year
  • 50,000 to 2.5 million American Express transactions per year
  • less than 1 million JCB transactions per year


  • Annual Self-Assessment Questionnaire (SAQ)
  • Quarterly network scan by an Approved Scan Vendor (ASV)
  • Attestation of Compliance Form


Merchants that handle:

  • 20,000 – 1 million Visa e-commerce transactions per year
  • 20,000+ Mastercard e-commerce transactions per year, and up to to 1 million total Mastercard transactions per year
  • 20,000 – 1 million Discover card-not-present transactions per year
  • less than 50,000 American Express transactions


  • Annual Self-Assessment Questionnaire (SAQ)
  • Quarterly network scan by an Approved Scan Vendor (ASV)
  • Attestation of Compliance Form


Merchants that handle:

  • less than 20,000 Visa or Mastercard e-commerce transactions per year
  • up to 1 million Visa or Mastercard transactions per year


  • Established by the merchant’s acquiring bank
  • Usually include an SAQ and Quarterly Network Scan by an ASV

Why Choose Abacode as Your MSSP?

As certified cybersecurity & compliance experts (CISSP, CIA, CISA, CEH, PMP, etc.), FedRAMP readiness is one of our focuses. Abacode continuously prepares organizations for their 3PAO assessments throughout the year and help them maintain compliance moving forward.

Abacode’s compliance portal helps streamline continuous compliance and security control effectiveness tracking for organizations before, during, and after assessments.

Connect with us today to learn more about the FedRAMP readiness process and the cost of implementing a FedRAMP program.