Does your online business need to be PCI DSS compliant?

Whether you’ve just started an online business or have been established for a while, if you take payment through a third-party provider such as Braintree or Stripe, or store cardholder data within your company, you will need to have confirmed your PCI DSS compliance.

PCI DSS was developed to enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. Any organization involved in payment card processing which includes the storing, processing or transmitting of cardholder data is usually contractually required to be PCI DSS compliant. Failure to do so could result in penalty fines to the organization.

Ken Holmes, CertiKit’s Managing Director says, “Ensuring you comply with the PCI DSS standard is an important part of setting up and operating an online business. It is a key part of the ongoing drive to prevent credit card fraud and make online shopping more secure. Our toolkit helps you to understand what you need to do, and more importantly, how to do it.”

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) was created by the Payment Card Industry Security Standards Council (PCI SSC) which is governed by the following payment brands:

  • MasterCard
  • VISA
  • American Express
  • JCB
  • Discover Financial Services

The recommended route to compliance is often referred to as the “prioritized approach”, which is designed to advise organizations on where to start and how to reduce risk early on in their journey. It is important to note that PCI DSS compliance should not just be treated as a project, with a beginning and an end; rather the goal should be to implement the 12 requirements of PCI DSS into the organization’s business as usual processes and procedures when handling cardholder data.

CertiKit’s PCI DSS expert, Chris Cheetham explains, “The PCI DSS provides businesses with a comprehensive baseline of security requirements to assist in protecting credit and debit card data. Complying with the PCI DSS instils confidence in your customers that security and privacy of their data is taken very seriously.”

What level of PCI DSS compliance is needed?

All merchants and service providers are categorized into levels depending on the volume of card payment transactions the organization processes per year. There are four levels, with level one being the highest and level four being the lowest. The annual transaction volume that determines your organization’s level varies between the payment brands (Visa, MasterCard, American Express, Discover, and JCB), so it is recommended that you confirm your organization’s level with your acquiring bank.

How to prove PCI DSS compliance?

First you will need to align your business so that it is compliant with the standard; this involves working through the requirements that apply to your merchant level. The CertiKit PCI DSS toolkit has recently been updated and includes over 50 documents to guide businesses through implementing PCI DSS compliance. Once your business is nearing the end of its compliance journey, you will need to start thinking about submitting the appropriate documentation to your acquiring bank. Depending on your merchant level, you will either submit a Self-Assessment Questionnaire or submit a Report on Compliance produced by a Qualified Security Assessor. Once your business is certified as PCI DSS compliant, you will receive a certificate that we recommend adding to your website to improve customer trust and credibility. As with many compliance standards, it is all about continual development, and you will need to submit annually to your acquiring bank to renew your certification.

Want to know more? Our PCI DSS guide provides more details about compliance and how to align your business, or you can contact us with any questions.
