What are my PCI DSS requirements with a Sage Pay merchant account?

Sage Pay’s merchant services are brought to you in conjunction with Elavon and although Sage Pay is Payment Card Industry Data Security Standards (PCI DSS) compliant, your business still needs its own PCI certificate.

To help you achieve this, Elavon has partnered with qualified security assessor Trustwave and in order to obtain and retain your merchant account, your PCI DSS certificate will need to be authorised by them. This is to ensure that your business and your customers are protected from theft, fraud, and other security risks resulting from the compromise of card data.

Trustwave’s TrustKeeper programme will help you understand PCI DSS requirements and complete the steps to assess your compliance. There is an annual fee of £120 for this service, which is mandatory and a condition of your merchant account with Elavon.

If you are already PCI complaint and have a compliance certificate from Trustwave or another Qualified Security Assessor, then you will only have to pay a £20 administration fee, and can upload your certificate by visiting the Elavon website.

The fee for non-compliance is £17 per month.