PCI DSS compliance solutions

The Payment Card Industry Data Security Standard (PCI DSS) is the baseline security standard for protecting cardholder data, and it applies to every organization that stores, processes or transmits that data.
What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) sets out the security requirements that merchants and service providers must meet to handle card payments securely. It exists to protect cardholder privacy, prevent fraud and data breaches, and safeguard sensitive account data throughout the card payment lifecycle, from card acceptance to payment processing.

PCI DSS is maintained by the PCI Security Standards Council (PCI SSC), founded by the five major card brands (Visa, Mastercard, Discover, American Express and JCB), so that cardholder data is protected consistently across the globe. Each card brand separately defines how compliance is validated and enforced for its own network.

For the standard itself and the official SAQ and AOC forms, visit: pcisecuritystandards.org

PCI DSS Compliance Levels

Before you can determine which PCI DSS validation obligations apply to you, you need to establish your merchant "level", which is based on your annual transaction volume as described below. Note that the volumes below are measured over the previous 52 weeks.

Level    Description
Level 1  • Merchants that process more than 6 million Visa or Mastercard transactions per year.
         • Any merchant that a card network (Visa, Mastercard, etc.) has designated as Level 1.
Level 2  Merchants that process between 1 million and 6 million Visa or Mastercard transactions per year.
Level 3  Merchants that process between 20,000 and 1 million Visa or Mastercard e-commerce transactions per year.
Level 4  Merchants that process fewer than 20,000 Visa or Mastercard e-commerce transactions per year, and all other merchants that process up to 1 million Visa or Mastercard transactions per year.

source: Visa PCI DSS Compliance

Who needs to comply with PCI DSS?

Any merchant that accepts card payments (credit or debit) and/or stores, processes or transmits cardholder data must comply with PCI DSS. Which requirements apply, and how compliance must be validated, depends on factors including the nature of the organization, the integration method used, and the number and volume of transactions.

Glocalads customers who use our online payment products must meet the PCI DSS validation requirements that apply to their integration type. Use the following table as a guide.

Integration type                                                      Requirement (Level 2, Level 3 and Level 4 merchants)
Get Paid/Pay By Link                                                  No PCI DSS validation requirements
API integration only                                                  Submit a PCI DSS AOC and renew it annually
Plug-in field integration                                             Submit the PCI DSS SAQ A-EP questionnaire and renew it according to the applicable policy
Embedded field integration (or any of our shopping platform plugins)  (requirement not listed on this page)
Hosted payment page integrations                                      Submit the PCI DSS SAQ A questionnaire and renew it according to the applicable policy
WooCommerce and Magento                                               Submit the PCI DSS SAQ A-EP questionnaire and renew it according to the applicable policy

Note: If you are a Level 1 merchant and use any online payment product other than Get Paid/Pay By Link, you will need the following:

  • A Report on Compliance (RoC) prepared by a Qualified Security Assessor (QSA), or by an Internal Security Assessor (ISA) if it is signed off by a company officer
  • A completed Attestation of Compliance (AOC) form
  • Quarterly external vulnerability scans performed by an Approved Scanning Vendor (ASV)

I need to be PCI DSS compliant, how do I do that?

If you determine that you need to validate PCI DSS compliance, Glocalads can guide you through the process. If you have already completed a PCI DSS assessment within the last 12 months, you can simply provide the resulting form (your AOC or SAQ) to Glocalads.

Using the table above, you can work out which form you need to complete. The official SAQ and AOC templates can be downloaded from the PCI SSC document library at pcisecuritystandards.org.

Send the completed form to your Glocalads account manager.

If you do not provide the required documentation, or do not meet the PCI DSS compliance requirements that apply to you, Glocalads may decline to provide, or may suspend, your payment services.

What happens if I am PCI DSS non-compliant?

The card networks can declare a merchant non-compliant and impose significant fines, which are typically levied on the acquirer and passed on to the merchant. If the non-compliance is not remediated, the fines may double each quarter that it persists. For customers in EU countries, a breach that exposes cardholder data is also a personal data breach under the GDPR, because cardholder information is personal data, so PCI DSS failures can attract separate GDPR penalties on top of the card network fines.

Our PCI DSS service

  • PCI DSS compliance assessment and consulting
  • Security architecture design and optimization
  • Compliance document preparation and submission
  • Ongoing compliance monitoring and support

Our certifications

  • ISO 27001 certified
  • PCI DSS Level 1 Service Provider
  • Compliant with global payment security standards