How do I become PCI compliant?

McAfee SECURE PCI Certification uses a simple, three-step process to ensure that your business can accept and process payment cards both online and in the real world.

1. Define your PCI Scope

PCI Scope is best thought of as how many payment card transactions are being processed as well as from how many sources.

We cannot help you define your PCI scope. Your bank will help you define your scope. Further, you must ask your banker to define your PCI scope once a year to stay complaint, as your business may change.

2. Get scanned quarterly

Based on your PCI Scope, we will scan your site once a quarter against a list of vulnerabilities provided by the PCI Council. Passing this scan every three months is necessary to being PCI Compliant. If your business does not pass the scan, our remediation team will assist you to help you fix your vulnerabilities.

We offer two scanning services: One, called the IP & network scan, is required for PCI compliance, regardless of scope. The other, called the PCI web app scan is only required if you have a website that accepts payment cards.

3. Get a certificate of attestation

The scan information is sent to a third-party PCI auditor who verifies the results. This auditor then provides you with a certificate of attestation that declares you PCI compliant. Whenever your bank requires you, you must provide this certificate (up-to-date for the current business quarter) to them.

To sign up for PCI compliance, please click here

Have more questions? Submit a request