1 What is PCI-DSS?

The Payment Card Industry Data Security Standard (PCI-DSS) sets requirements for merchants to securely handle card payments. This is essential for protecting privacy, preventing fraud and data breaches, and aims to provide protection for sensitive information throughout the card payment lifecycle — from card acceptance to payment processing.

PCI compliance means meeting the Payment Card Industry Data Security Standard, which is maintained jointly by the PCI Security Standards Council and the five major card networks (VISA, Mastercard, Discover, American Express, and JCB). A single shared standard helps ensure that cardholder protection measures are applied consistently worldwide.

Learn More: Visit pcisecuritystandards.org for detailed information on the PCI-DSS standard.

2 PCI-DSS Compliance Levels

Before you can tell which PCI-DSS compliance requirements apply to you, you need to determine your compliance "level" using the criteria below. Note that the transaction counts are measured over the past 52 weeks.

PCI-DSS levels and their descriptions:

Level 1
  • Merchants processing over 6 million VISA or Mastercard transactions annually
  • Merchants designated as Level 1 by any card network (Visa, Mastercard, etc.)
Level 2
  • Merchants processing 1 million to 6 million VISA or Mastercard transactions annually
Level 3
  • Merchants processing 20,000 to 1 million VISA or Mastercard e-commerce transactions annually
Level 4
  • Merchants processing fewer than 20,000 VISA or Mastercard e-commerce transactions annually
  • Other merchants processing up to 1 million VISA or Mastercard transactions annually

Source: Visa PCI DSS Compliance

3 Who Needs to Comply with PCI-DSS?

Any merchant that accepts card payments (credit or debit) and/or transmits cardholder information must comply with PCI standards and meet the necessary requirements. The specific requirements depend on various factors, including the nature of the organization and the volume and scale of transactions.

KCARDS INC customers with online payment products need to ensure they meet the relevant PCI-DSS compliance requirements. You can refer to the guide below.

Requirements by integration method (the same requirement applies to Level 2, Level 3 and Level 4 merchants):

Get Paid / Pay By Link
  • No PCI-DSS requirement
API-only Integration
  • Submit PCI-DSS AOC and update annually
Plugged Field Integration / Embedded Field Integration
  • Submit PCI-DSS SAQ A-EP questionnaire and update per specific policy
Hosted Payment Page Integration
  • Submit PCI-DSS SAQ A questionnaire and update per specific policy
WooCommerce and Magento
  • Submit PCI-DSS SAQ A-EP questionnaire and update per specific policy

Note: If you are a Level 1 merchant and use online payments other than Get Paid/Pay by Link, the following are required:

  • A Report on Compliance written by a Qualified Security Assessor or by an internal auditor (with company executive signature)
  • Submission of Attestation of Compliance (AOC) form
  • Quarterly scans by an Approved Scanning Vendor (ASV)

4 I Need to Comply with PCI-DSS — How Do I Do That?

If you determine that you need to comply with PCI-DSS, KCARDS INC can guide you through the process. If you have completed PCI-DSS forms within the past 12 months, you can provide them to KCARDS INC.

Based on the list above, you can determine which forms you need to fill out. You can download the documents below:

Important: You need to send the completed forms to your KCARDS INC account manager. If you fail to provide the relevant information or to meet the PCI-DSS compliance requirements, KCARDS INC may decline to provide, or may suspend, your payment services.

5 What Happens If I Don't Comply with PCI-DSS?

Card networks may determine "non-compliance" and impose substantial fines. If you fail to correct your PCI-DSS non-compliance within each quarter, fines may double.

Important Notice: For customers in EU countries, PCI-DSS violations also constitute GDPR violations, because cardholder information is considered personal data. This means you face dual compliance risks.

Potential consequences of non-compliance:

  • Substantial fines (accumulating quarterly)
  • Suspension or termination of payment services
  • Reputational damage and loss of customer trust
  • GDPR violation risks (EU regions)

Last Updated: June 2026
