
      PCI Compliance Guide

      PCI compliance made easy.





      What is PCI Compliance?




      The major credit card companies - Visa, Mastercard and American Express - established the Payment Card Industry Data Security Standard (PCI-DSS) guidelines in 2006 in an effort to protect credit card data from fraud and theft.

      Each year, billions of dollars' worth of fraudulent credit card transactions take place in the United States. PCI-DSS tries to halt the increasing trend of credit card fraud. Protecting customer data and payment information must be a priority for businesses; otherwise, they face devastating reputation loss.

      Understanding your PCI compliance responsibilities can help your business remain in compliance and protect its staff and customers.




      What happens if I don't comply with PCI-DSS?


      If you can't prove your PCI compliance, your business could face a number of negative consequences, such as:

      • PCI non-compliance charges.
      • Damaging loss of reputation for your business.
      • Loss of customer trust.
      • Loss of customer identity and payment information.
      • Higher banking charges.




      12 Requirements for PCI Compliance 


      The 12 requirements are grouped under six goals:

      Goal: Build and Maintain a Secure Network and Systems
      • Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
      • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

      Goal: Protect Cardholder Data
      • Requirement 3: Protect stored cardholder data.
      • Requirement 4: Encrypt transmission of cardholder data across open, public networks.

      Goal: Maintain a Vulnerability Management Program
      • Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs.
      • Requirement 6: Develop and maintain secure systems and applications.

      Goal: Implement Strong Access Control Measures
      • Requirement 7: Restrict access to cardholder data by business need to know.
      • Requirement 8: Identify and authenticate access to system components.
      • Requirement 9: Restrict physical access to cardholder data.

      Goal: Regularly Monitor and Test Networks
      • Requirement 10: Track and monitor all access to network resources and cardholder data.
      • Requirement 11: Regularly test security systems and processes.

      Goal: Maintain an Information Security Policy
      • Requirement 12: Maintain a policy that addresses information security for all personnel.


      ALSO READ: Credit card protection: Understanding the 12 PCI security requirements



      How much does it cost to become PCI compliant?

      The answer to this question depends on a number of factors. There is a cost involved in becoming compliant; however, these charges can be dwarfed by the potential fines that could be levied by your payment provider.






      How do I validate my PCI compliance?

      You can validate your business's PCI compliance by filling out a Self-Assessment Questionnaire (SAQ). It is a way for your business to prove it is taking the security measures needed to keep your customers' credit card data safe. PCI SAQs vary in length, but each contains the protocols and procedures your business should be following to keep payment card data safe.



      Can Paytia help with PCI Compliance?

      Paytia is a PCI Level 1 Service Provider. Using Paytia can save you from answering 93% of the questions when preparing the Self-Assessment Questionnaire and prepares you for full PCI compliance.

      Paytia specialises in providing a PCI compliant payment-by-phone solution with our Secure Virtual Terminal, suitable for a single user or for call centres with our scalable payment environment. Your customers enter their details via their phone keypad, and your agent sees the live input on their computer screen, but with the card number displayed as 'XXXX'. Paytia removes the need for your staff to ask customers to read their sensitive credit card details aloud and keeps you in scope for PCI compliance.





      Do I have to complete a Compliance Self-Assessment Questionnaire (SAQ)?

      Yes, your business will have to complete a compliance self-assessment questionnaire in order to be recognised as PCI compliant. However, if you choose Paytia as your payment provider, we can take responsibility for 93% of the questions in the compliance self-assessment questionnaire.


      The table below can help you choose the correct self-assessment questionnaire.

      Questionnaire / How do you accept payment cards?

      A: Card-not-present merchants (e-commerce or mail/telephone-order) that have fully outsourced all cardholder data functions to PCI DSS compliant third-party service providers, with no electronic storage, processing, or transmission of any cardholder data on the merchant's systems or premises. Not applicable to face-to-face channels.

      A-EP: E-commerce merchants who outsource all payment processing to PCI DSS validated third parties, and who have a website (or websites) that doesn't directly receive cardholder data but that can impact the security of the payment transaction. No electronic storage, processing, or transmission of any cardholder data on the merchant's systems or premises. Applicable only to e-commerce channels.

      B: Merchants using only:
      • Imprint machines with no electronic cardholder data storage; and/or
      • Standalone, dial-out terminals with no electronic cardholder data storage.
      Not applicable to e-commerce channels.

      B-IP: Merchants using only standalone, PTS-approved payment terminals with an IP connection to the payment processor, with no electronic cardholder data storage. Not applicable to e-commerce channels.

      C-VT: Merchants who manually enter a single transaction at a time via a keyboard into an Internet-based virtual terminal solution that is provided and hosted by a PCI DSS validated third-party service provider. No electronic cardholder data storage. Not applicable to e-commerce channels.

      C: Merchants with payment application systems connected to the Internet, with no electronic cardholder data storage. Not applicable to e-commerce channels.

      P2PE-HW: Merchants using only hardware payment terminals that are included in and managed via a validated, PCI SSC-listed P2PE solution, with no electronic cardholder data storage. Not applicable to e-commerce channels.

      D for Merchants: All merchants not included in the descriptions for the above types.

      D for Service Providers: All service providers defined by a payment card brand as eligible to complete a Self-Assessment Questionnaire.




      Enabling a BMW main dealership to meet its PCI-DSS obligations




      Paytia delivered a solution with which staff could accept payments over the phone without impacting the dealership's GDPR or PCI compliance obligations. The solution had to enable staff identification, invoice identification and tracking, and real-time emailing of transaction receipts to departments, all without affecting any existing systems. It also had to be easy to use and not slow down the process of taking payments by phone.


      READ MORE : BMW Main Dealership Case Study



      Total Tiles Case Study





      Total Tiles had two key objectives, security and speed, along with a number of key feature requirements.

      The most urgent requirement was for customer-facing staff, who were now working from home during the pandemic, to be able to accept and process credit and debit card payments over the telephone. It was critical that this be available within days to ensure minimal interruption to their business operations, allowing them to continue within a safe and secure processing environment.

      Paytia was the only company that could meet their requirements. Customers would not have to read out their credit card details to an agent working from home. Another huge benefit to the business was that, from the order being placed to transactions being processed, it took only three days. This was a fantastic achievement: a unique solution, implemented extremely quickly.


      READ MORE: Total Tiles Case Study




      Lean On The Experts

      You don’t have to do it alone. Our team of experts is waiting to help you.
