Meeting the Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS compliance helps to:
- make shopping on the internet safer by reducing online fraud
- prevent theft and the unauthorised use of credit and debit cards
- protect both consumers and businesses from fraudulent activity
- ensure merchants are securely storing, processing and transmitting card data
- avoid the reputational damage and financial costs associated with a breach in data security
Sign up now or call 0845 111 44 66
Getting started with PCI DSS Compliance
Qualified Security Assessors (QSAs), such as Trustwave, are recognised by the PCI Security Standards Council to assess compliance.
Becoming PCI DSS compliant is often a condition for obtaining your merchant bank account. Your merchant acquirer may also have a preferred QSA to carry out your certification (you'll need to check this with them).
To sign up for PCI DSS Compliance with Sage Pay and Trustwave, call us on 0845 111 44 66 or email us.
Which level of compliance is right for me?
There are four levels of PCI DSS compliance, with Level 1 being the highest level.
Sage Pay is a PCI DSS Level 1 payment service provider. View our certificate of compliance.
The level that your business requires usually depends on:
- the volume of transactions which you process
- how you process them (how you use our payment gateway).
Compliance for outsourced payments
You can benefit from our PCI DSS Level 1 certification by outsourcing your payments to Sage Pay.
We have flexible, customisable hosted payment pages which can help you to reduce your own PCI DSS requirements.
| Sage Pay hosted payments | Level 1 | Level 2 | Level 3 | Level 4 |
|---|---|---|---|---|
| Who it applies to | Businesses processing 6 million + transactions per year | Businesses processing 1 to 6 million transactions per year | Businesses processing 20,000 to 1 million transactions per year | Businesses processing less than 20,000 transactions per year |
| Form integration | No audit required; online self-assessment questionnaire; from £72 per year (same for all four levels). Sign up now | As Level 1 | As Level 1 | As Level 1 |
| Server integration | No audit required; online self-assessment questionnaire; from £72 per year (same for all four levels). Sign up now | As Level 1 | As Level 1 | As Level 1 |
| Server & inFrame integration | No audit required; online self-assessment questionnaire; monthly or quarterly vulnerability scanning; from £175 per year (same for all four levels). Sign up now | As Level 1 | As Level 1 | As Level 1 |
Compliance for self-hosted payments
If you require the complete flexibility of self-hosted payments, then you'll most likely need to invest more in your PCI DSS compliance.
Through Trustwave's innovative approach to compliance, we can offer you the assessments, vulnerability scanning and SSL certificates that you need.
| Self-hosted payments | Level 1 | Level 2 | Level 3 | Level 4 |
|---|---|---|---|---|
| Who it applies to | Businesses processing 6 million + transactions per year | Businesses processing 1 to 6 million transactions per year | Businesses processing 20,000 to 1 million transactions per year | Businesses processing less than 20,000 transactions per year |
| Direct integration | On-site assessment and penetration test; monthly vulnerability scanning | Remote assessment and compliance validation; monthly vulnerability scanning (50 IP); organisation-validated SSL certificate | Remote assessment and compliance validation; monthly vulnerability scanning (10 IP); organisation-validated SSL certificate | Online self-assessment questionnaire; monthly or quarterly vulnerability scanning |
| Price | POA. Enquire today | From £6,375 per year. Sign up now | From £3,400 per year. Sign up now | From £175 per year. Sign up now |
If you're still unsure and need more advice call us on 0845 111 44 66 or email us.
Do developers need to be PCI DSS compliant?
If you're a developer who is simply integrating a client's website with our payment gateway and handing the completed project over to your client, then you don't need to become PCI DSS compliant.
However, if at any stage you build and host a back-office solution for your client, you'll need to look into your PCI DSS requirements and possibly also PA-DSS (the Payment Application Data Security Standard).
