Full compliance requires implementing over 200 individual security controls and keeping them in place continuously; PCI DSS is an ongoing obligation, not a one-time audit. In addition, your company must implement stringent security policies for both business and technology staff. Any organization that accepts credit-card payments through its own website must be fully compliant. However, whether you need to validate your organization's compliance, and what specific validation actions your company will be required to take, depends on:
- How many transactions your organization processes each year
- Whether your account data has suffered any type of breach or security compromise
Depending on these factors, you'll be assigned a merchant level ranging from 1 (the highest volume, and the strictest validation requirements) to 4. PCI validation means demonstrating that your organization adheres to the PCI DSS requirements, either through an assessment by a third party (a Qualified Security Assessor) or through a self-assessment questionnaire that you complete and submit.
While businesses that process fewer than 20,000 Visa and/or Mastercard e-commerce transactions per year are generally not required to validate their compliance (in practice, the validation requirements at this level are set by your acquiring bank), compliance itself is still mandatory, and we strongly recommend that you validate anyway to avoid a costly data breach, which could easily render your organization bankrupt.