PCI DSS Compliance

Take your compliance journey with us



PCI DSS logo The Payment Card Industry Data Security Standard (PCI DSS) is required by all businesses that store, process or transmit cardholder data. Businesses who do not comply with this standard risk being fined or having their card processing capability withdrawn.

More importantly though, without these relatively basic information security controls in place, there is the very real potential for a security breach resulting in cardholder data loss and the potential financial penalties and impact to reputation that go with that.

Scope and Levels

The full PCI DSS extends to over 300 individual requirements however, depending on how many credit card records you are exposed to each year – and by which channels – not all of these may apply to your business.

If you are a merchant handling 6 million or more card transactions or records per year then you are categorised as Level 1 and are required to be formally assessed by a PCI Qualified Security Assessor (QSA) each year. Under this number and it will require the submission of an annual Self Assessment Questionnaire.

If you are a Service Provider providing services to merchants or other service providers that require you to be PCI DSS compliant, the levels are different. You will need a QSA to produce your Report of Compliance (ROC) once you are processing over 300,000 transactions per year. Under this and you can also self-assess.

The following table breaks down the PCI DSS levels for Merchants.

Level 1

More than 6,000,000 transactions per year.

Level 2

1,000,000 to 6,000,000

Level 3

20,000 to 1,000,000.

Level 4

Below 20,000.

PCI DSS Levels for Service Providers

Level 1

More than 300,000 transactions per year.

Level 2

Up to 300,000.


PCI DSS Consultancy

Every business is different and most of the devil of compliance is in the detail. Let our consultants work with you to identify the most pragmatic solutions for your business.

Penetration Testing

Requirement 11.3 means you need to define a penetration testing methodology and perform testing at least annually and after significant change.

Developer Training

Requirement 6.5 states that compliant organisations must train their developers in secure coding techniques.

Vulnerability Scanning

External and internal vulnerability scanning plus PCI ASV scans. Let 4ARMED help you with your compliance scanning requirements.


Compliance Simplified

If PCI DSS is new to you it can be overwhelming. 4ARMED removes the headache by breaking down the standard and explaining how it fits for your organisation.

Get Compliant Faster

Make effective use of time by engaging our expert consultants to power through the gap analysis, identify remediation steps and help you develop and implement compliant processes and documents, first time.

Cost Effective

Take advantage of our experience by letting us do the things we’re good at and allowing you to focus on the business-specific items you need to address.

Specialist Resources

Template PCI DSS policies and documentation, years of experience of implementing, completion of your Self Assessment Questionnaire. There’s no quick fix for PCI DSS but this is the closest you’ll get.

Next Steps

Want to discuss your requirements further? Wondering whether PCI DSS Compliance is right for your business? There's an easy way to find out, give us a call or complete this handy contact form to tell us where you're at and we will work with you to find the best solution for you.
+44 (0)203 475 2443 sales@4armed.com
4ARMED Limited
3 Warren Yard, Warren Park, Stratford Road, MILTON KEYNES MK12 5NW, England