Since the site goes through the entire payment process, the site must ensure the security of card data and their protection.
Vulnerability scans and virus scans should be performed quarterly to validate security compliance. Scanning must be done by an authorized scanning provider
Level;Number of operations;Annually;Quartarly
Level 1;More than 6 million;Submit a Report on Compliance ("ROC") prepared by a Qualified <br>Security Assessor ("QSA") or an internal auditor if such report is signed by the head of the company. <br> We recommend PCI SSC Internal Security Assessor ("ISA") status to your internal auditor. <br> Submit the Attestation of Compliance ("AOC") Form;Conduct quarterly network scans by an Approved Scan Vendor ("ASV") organization
Level 2;1-6 million transactions;Conduct a conformity assessment by completing an Assessment Questionnaire ("SAQ"). <br> <br> Submit the Attestation of Compliance ("AOC") Form;Conduct quarterly network scans by an Approved Scan Vendor ("ASV") organization
Level 3;20 thousand - 1 million;Conduct a conformity assessment by completing an Assessment Questionnaire ("SAQ"). <br> <br> Submit the Attestation of Compliance ("AOC") Form;Conduct quarterly network scans by an Approved Scan Vendor ("ASV") organization
Level 4;less than 20 thousand;Conduct a conformity assessment by completing an Assessment Questionnaire ("SAQ"). <br> <br> Submit the Attestation of Compliance ("AOC") Form;Conduct quarterly network scans by an Approved Scan Vendor ("ASV") organization
Self-assessment sheet template: Document Library Instructions and recommendations for filling: File