If your company stores, processes, or transmits credit card data, you are required to be PCI compliant. Whether you’re a small merchant processing thousands (Level-1) of credit card transactions per year, or a large company processing over 6 million (Level-4) a year, the requirements of PCI affect your business.

Many small companies and startups are now relying on service providers such as Stripe, Square, Shopify for payment processing. While many of these services cover many of the requirements of PCI, it is still your responsibility to be compliant end-to-end. If you accept credit card numbers and post them to an API in the background, you are responsible for the split second the data is on your servers. Smaller companies can achieve compliance fairly quickly. Generally, the only requirements necessary are regular compliance network scans, completion of a self-assessment questionnaire, and completion of an attestation document. Larger companies have more requirements, but generally the impact is minimal because more resources are available for compliance.

Learn More about PCI / DSS

Have Questions About PCI?

Let us help you find out what compliance framework is best for your business.

SOC 1 / SSAE 18

Learn how SOC 1 reports can help businesses with services that impact financial reporting meet the needs of customers and partners.


Learn how SOC 2 reports differ from SOC 1 and are best-suited for companies providing information services such as SaaS and cloud companies.


Learn how HIPAA no longer impacts just healthcare companies. If your company stores any health data (even on behalf of a customer), you're liable.


Learn how to classify your business based on the number of transactions performed on an annual basis. Any business accepting credit cards must demonstrate compliance.

ISO 27001 / 27002

Learn how ISO 27001 is the first step in developing an information security management program that will help your business build trust internationally.