Delivering Data Security and Testing Solutions

What is PCI DSS?

PCI DSS is a set of technical and operational conditions for all entities that store, process or transmit payment card data,
with the aim of preserving payment card security.

What do we know today about PCI DSS compliance in South Africa?

If your business accepts card payments, you need to become compliant. PCI DSS compliance is required of all retailers that
store, process, or transmit bankcard data. The program applies to all payment channels, including brick-and-mortar retail,
mail order/telephone order, and e-commerce, no matter the size of the business.

The PCI groups retailers into 4 levels to determine compliance requirements. Each of the 5 card brands has similar
Merchant Level criteria based on transaction volume.

The following guidelines will help you decide which merchant level applies to you. Use the contact form so that we can assist you with PCI DSS compliance.

Merchant level 1

Merchant criteria:

  • You process 6,000,000+ transactions annually
  • You have been the victim of a data breach which compromised account data
  • You have been identified by any card association as merchant level 1


Merchant level 2


Merchant criteria:

  • You process between 1,000,000 and 6,000,000 transactions annually


Merchant level 3


Merchant criteria:

  • You process between 20,000 and 1,000,000 ecommerce transactions annually


Merchant level 4


Merchant criteria:

  • You process fewer than 20,000 ecommerce transactions annually
  • You process fewer than 1,000,000 non-ecommerce transactions annually


If your business falls under Level 1, you will need a Qualified Security Assessor (QSA) and an Approved Scanning Vendor
(ASV) to validate your compliance. A QSA is a company approved by the PCI SSC to conduct on-site assessments,
whilst an ASV is a company approved by the PCI SSC to conduct external vulnerability scanning services.

The PCI SSC offers a set of Self-Assessment Questionnaires (SAQs) to assist Merchant Levels 2, 3 and 4 in compliance
validation. An SAQ is a validation tool intended to assist retailers who are permitted by the payment brands to self-evaluate
their compliance. This means your business may not require a QSA and you can perform a Self-Assessment by
filling in the appropriate SAQ forms and storing them in your records. In addition, you may be required to engage with an
ASV for security scans.

Compliance criteria vary based on the card brand. Read more about specific requirements on each card company’s
website: MasterCard, Visa, American Express, Discover and JCB International.

Additional Comments

  • The deadline is 1 March 2018, having been extended from 1 June 2017 already.

I would add privacy wording which gives potential clients reassurance that their details will be protected, something like:

By submitting my personal information via this form, I provide consent for DS ISecure to use my information to contact me with regard to my related requirements.

DSI Secure respects the privacy of your personal information and will not share it with any other party. Please visit our Privacy Notice page for more information.