PCI Compliance


The Basics of PCI Compliance

While there are many aspects to data security, protecting your business from a data breach starts with a good foundation. Businesses that complete the PCI DSS compliance process have not only taken the first steps in guarding against a costly breach, but also protect themselves from card brand non-compliance fines, fees, and assessments for forensic investigations, fraudulent purchases, and the cost of re-issuing cards. Current regulations and certain state laws place more responsibility for protecting cardholder data on businesses. There are information security standards for organizations that handle major credit card brands called Payment Card Industry Data Security Standard (PCI-DSS). Failure to meet industry and regulatory data security standards can result in fines, fees, a loss of income, and negative brand perception.

There are four levels of PCI compliance:

  • Level 1: Merchants processing over 6 million card transactions per year.
  • Level 2: Merchants processing 1 to 6 million transactions per year.
  • Level 3: Merchants handling 20,000 to 1 million transactions per year.
  • Level 4: Merchants handling fewer than 20,000 transactions per year.

Level 1: Applies to merchants processing more than six million credit or debit card transactions annually. Conducted by an authorized PCI auditor, they must undergo an internal audit once a year. In addition, once a quarter, they must submit to a PCI scan by an Approved Scanning Vendor (ASV).

Level 2: Applies to merchants processing between one and six million card-present credit or debit card transactions annually. They’re required to complete an assessment once a year using a Self-Assessment Questionnaire (SAQ). Additionally, a quarterly PCI scan may be necessary.

Level 3: Applies to merchants processing between 20,000 and one million transactions annually. They must complete a yearly assessment using the relevant SAQ. A quarterly PCI scan may also be required.

Level 4: Applies to merchants processing fewer than 20,000 transactions annually, or those that process up to one million real-world transactions. A yearly assessment using the relevant SAQ must be completed, and a quarterly PCI scan may be required.

Elavon provides complete PCI protection with the following:


Elavon supports PCI DSS protection with data breach assisitance

The online portal takes you step-by-step through the PCI compliance process

Access to valuable information to safeguard your business

Access to Elavon's PCI professionals when you need it


Financial Protection

Elavon’s PCI program offers up to $20,000 per incident per MID of data breach assistance protection per Customer ID number if you are enrolled in Elavon’s program and have certified your PCI compliance.


The online portal takes you step-by-step through the PCI DSS compliance process, including assistance with the PCI Self-Assessment Questionnaire (SAQ) and vulnerability scanning (if applicable).


Access to valuable tips and information that make it easy to understand how you can safeguard your business and your customer payment data.


Access to Elavon’s PCI professionals when you need it. We have answers to your PCI DSS questions through online help, email, and phone.

Goal: Build and Maintain a Secure Network and Systems

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data across open, public networks.
  5. Protect all systems against malware and regularly update anti-virus software or programs.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to cardholder data by business justification (i.e., "need to know").
  8. Identify and authenticate access to system components.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.Maintain a policy that addresses information security for all personnel.
  12. Maintain a policy that addresses information security for all personnel.







The world of payments is continuously evolving. Elavon offers global payment expertise, so you can focus on expanding your business capabilities. We offer technical expertise to engineer eCommerce business solutions in addition to offering flexible integration options, including semi-integrated and hosted solutions.

Elavon’s innovation allows you to keep up with advancements in payment technology. You can accept omnicommerce transactions and manage your payments through a single gateway solution. Robust reporting uses data to provide actionable insights that can lead to reductions in the overall cost of doing business.

Integrating payment solutions into software can be complex. Elavon is a proven partner for reducing that complexity, saving you development time and expenses with comprehensive, end-to-end solutions. Global brands trust Elavon to take care of their customers.

 Every customer interaction reflects your brand, so we treat your customers as if they are our own. Elavon provides In-house multi-lingual customer support and dedicated relationship management available 24/7.

Let's talk about your business

By providing us with and email you are expressly consenting to receive email communications – including but not limited to marketing materials, promotions, sales campaigns, and research surveys.


Or call:


Copyright © 2019 Elavon | Elavon Inc. Two Concourse Parkway, Suite 800 Atlanta GA 30328 USA | Privacy Policy

back to top