How Long Does It Take to Become PCI Compliant?

Every business that stores any information from processing credit cards, debit cards and other payment cards is required to comply with PCI (Payment Card Industry) standards. All companies performing payment processing must meet the security compliance standards. Failure to comply can result in restrictions, heavy fines, or permanent expulsion from accepting cards and processing payments.

Becoming PCI Compliant

The entire process of becoming PCI compliant usually takes between one day and two weeks. The actual time depends on how long the self-assessment questionnaire takes to complete. In addition, the business will need to pass a PCI scan. Once the questionnaire and scan have been passed, the results are submitted to the company’s merchant bank. That information is then passed on to the Payment Card Industry, stating that the company has met the requirements of PCI compliance.

Specific Requirements

PCI compliance requirements vary by merchant account and by the number of transactions the business processes every year. In detail, these include:

Level 1 Requirements – Merchant accounts with 6 million or more transactions a year, or companies with compromised data, must perform a quarterly network security scan and an annual on-site security audit.

Level 2 Requirements – Merchant accounts that process transactions ranging from 150,000 to 6 million every year must complete the self-assessment questionnaire annually.

Level 3 Requirements – Merchants with payment processing numbers between 20,000 and 150,000 transactions are required to perform a self-assessment questionnaire every year, along with a quarterly scan performed by an ASV (Approved Scanning Vendor).

Level 4 Requirements – Any merchant processing no more than 20,000 transactions annually must maintain compliance at all times. However, they are not required to report compliance.

Necessary Steps

Every business that processes credit/debit cards and stores the information must determine its merchant level as assigned by the payment card industry. In addition, it needs to determine its validation type and report its compliance through a self-assessment questionnaire.

A detailed report should include any vulnerability assessment scans performed by an ASV. The report should detail the scan of every public-facing IP address used for processing, viewing, and handling credit and debit card data.

Becoming compliant and maintaining the status might appear overwhelming. However, businesses that break the process down into smaller sections can easily maintain their status. The working components will include the merchant, the hosting provider, the shopping cart (e-commerce application), the authorized payment gateway, ASV, and the merchant’s bank.


© 2015 All rights reserved. Privacy Policy
CREDITCARDPROCESSING.COM, LLC is a registered ISO of Wells Fargo Bank, N.A. Walnut Creek, CA