Very often merchants who use credit card processing software are interested in the question whether they will have to undergo a PCI audit. If to be brief the answer is ‘yes’; because all businesses which either accept or process payments need to be PCI compliant. So what does it mean to be PCI compliant and how to become PCI compliant?
In order to become PCI compliant a merchant needs to undergo a PCI auditing procedure and meet the requirements of the PCI data security standard. The audit is going to differ depending on the amount of transactions processed by the merchant. Four types of merchants are pointed out taking into account the mentioned criterion: level 1, 2, 3, 4. Level 1 merchants process the greatest amount of transactions, more than 6 million e-commerce transactions per year. Consequently, they will have to undergo the most complicated audit while the situation is much easier for level 4 merchants.
Level 4merchants, who usually utilize the services of some credit card processing companies, just need to fill out a SAQ (self-assessment questionnaire). A SAQ is a simple pdf document with questions. You need to answer these questions and to submit the form to a special web-portal created by PCI audit companies and also you will have to identify your PSP there, but the fields regarding your provider will be filled automatically.
A lot of payment processing companies have special mechanisms which simplify the process of PCI auditing for level 4 merchants they are working with. What is more, you need to know that whenever you have a question concerning PCI audit the best option is to consult your provider first.
More information can be found in the article at #UniPayGateway (the article is available here).