PCI Compliance

If your business stores, processes or transmits cardholder data, you have an obligation to ensure you protect your customers and your business against data breaches. This applies to all businesses, regardless of size and is a mandatory requirement set up by the card schemes.

As CityPay does not evaluate PCI compliance requirements, we have partnered with Trustwave, a leading provider of PCI compliance management services. These services include quarterly scans, and auditing services.

You can reduce your exposure to risk with an integration with Paylink Hosted Form, Virtual Terminal Solutions, Card Holder Accounts, and Schedule and Batch Payments. All sensitive information is stored and managed within our PCI compliant network rather than on your local network.

Quarterly Scans
If you process primarily e-commerce transactions online you may have to complete and pass quarterly network scans. A scan is required for each external IP address that processes cardholder data and has to be validated by a PCI-DSS Approved Scanning Vendor (ASV). These checks are still mandatory to guarantee that your implementation is deployed in a compliant manner.

What level of merchant are you?

Whether you just process a few transactions or accept millions per year, your business is categorised by 4 PCI DSS levels. Your level is based on the following criteria and actions you need to take:

Level

Type of Business

Actions required for compliancy

Level 1

Any merchant processing over 6 million VISA or MasterCard transactions a year or any compromised merchant

  • Annual onsite security assessment
  • Quarterly network scan (if in e-commerce)

Level 2

Any merchant processing 1 to 6 million VISA or MasterCard transactions a year
  • Annual Self Assessment Questionnaire
  • Quarterly network scan (if in e-commerce)

Level 3

Any merchant processing 20,000 to 1 million VISA or MasterCard e-commerce transactions a year
  • Annual Self Assessment Questionnaire
  • Quarterly network scan (if in e-commerce)

Level 4

Any merchant processing fewer than 20,000 VISA or MasterCard transactions a year. All other merchants processing up to 1 million VISA or MasterCard transactions a year
  • Annual Self Assessment Questionnaire
  • Quarterly network scan (if in e-commerce)