PCI DSS 4 Onsite Assessment

For Level 1 merchants, which are organizations that do over 6,000,000 transactions annually, they are required to complete a PCI Assessment. For Level 2 merchants, which are organizations who do 1,000,000 - 5,999,999 transactions annually, it’s recommended they complete a PCI assessment, but not required unless they have been instructed to do so by a major financial institution. Level 3 and 4 merchants, which are organizations who do 1,000,000 - 20,000 transactions annually, are only required to find and fill out the proper SAQ that applies to their business.

For Level 1 Service Providers, who store, process, or transmit more than 300,000 credit card transactions annually, a PCI assessment is required. For Level 2 Service Providers, who store, process, or transmit less than 300,000 credit card transactions annually, an SAQ D-SP is required. However, in some instances, a Level 2 Service Provider may be asked to complete a PCI assessment.

First we’ll walk you through PCI scoping questions to determine the extent of your PCI needs. Your PCI assessment begins with an initial audit review to determine what compliance requirements you already have in place and what you need to resolve. Then your SecurityMetrics QSA will perform an assessment, either in-person or virtually. After that, you’ll go through remediation and retesting our QSA will go through any areas of noncompliance that remain and and provide insight on what is needed to meet the requirement. Lastly, SecurityMetrics will submit an Attestation of Compliance to the necessary parties and you are done!

Start by talking with one of our account executives to discover your needs and do the proper scoping for your organization. Once we’ve established where you’re at and where to start, a PCI audit coordinator will help you meet with an assigned QSA to conduct an initial audit review. From there the PCI process will continue as outlined above.

PCI assessments require a lot of detailed work and can take time, but your QSA will work with you to stay on budget and on schedule. The more preparatory work you do before your assessment, including documenting processes and knowing how your network and system are set up, the quicker and simpler your audit will be.

It depends on what your end goals for compliance are and what SecurityMetrics involvement is in your process. If we’re helping become PCI compliant from start to finish, then after remediation and retesting, SecurityMetrics will submit your attestation of Compliance (AOC) or Report on Compliance (ROC) to any required parties, such as the card brand or merchant bank, and you will be PCI complaint.

Our team at SecurityMetrics is dedicated to supporting you before, during, and after your PCI assessment. From the initial scoping and PCI audit review, to the PCI assessment, and finally delivery of your ROC, you’ll have guidance and expertise in your corner each step of the way. Your PCI audit coordinator will guide you through each phase, our QSAs are never overbooked so they can focus on you, and our knowledgeable technical support is available for any issues you're facing.

SecurityMetrics offers a specialized experience for PCI with over 20 years of experience. We are the gold standard in PCI compliance, providing a tailored approach that’s been crafted over the years.

Our assessors and audit team are never overbooked so that you can receive the dedicated care and specific guidance you need. They are also informed by our Penetration Testing and Forensic Investigation teams to know the latest trends and attacks with the goal of helping you become secure. Our thorough approach will help you avoid common compliance roadblocks by receiving proper scoping.

SecurityMetrics also has a comprehensive suite of compliance and cybersecurity tools that assist with training, documentation, vulnerability scanning, card data discovery, penetration testing and more like Shopping Cart Monitor and Shopping Cart Inspect.

Our specialists will lighten your workload with hands-on assistance, ensuring you feel confident and secure throughout the process.

Over 800,000 businesses, merchants, and entities have safeguarded their organizations with SecurityMetrics. Notable companies like JetBlu, Denny’s, and BambooHR recommend our services to their clients each year as we lighten the workload and protect the sensitive data of our clients. Check out this case study to see how SecurityMetrics made a big impact for USC and their cybersecurity.

As industry-leaders in cybersecurity, we pride ourselves on our dedication to keep organizations and their customers safe. We take every precaution when protecting our clients data and ensure they are equipped to do the same for their companies. We implement the necessary requirements in PCI and SOC 2 type II certification to achieve a higher level of safety for our customers.

A PCI assessment can range widely in cost. On the low end, for a simple environment, a PCI audit can start at $15k. Complex audits can cost $75k+ depending on how many locations you have, how many parties need to be audited, and how complex your network is.

Hop on a quick call with SecurityMetrics to get a more accurate estimate of what a PCI audit would cost you.

Yes, getting a quote is easy! Simply enter your info in the form above and one of our team members will get in touch with you to gather more info and get you your quote.