How you process cards determines your validation type and the requirements you must meet to comply with the PCI DSS. Typical steps for level 4 merchants to become PCI DSS compliant include, but are not limited to, the following:
- Determine your validation type
- Complete and report an attestation of compliance and self-assessment questionnaire (SAQ) annually
- Complete and report the results of all external vulnerability assessment scans, performed quarterly by an approved scan vendor (ASV); all external-facing IP addresses used to process, view, or handle credit card data require scans
- Create and update an information security policy annually
Because businesses have unique methods of processing credit cards, a PCI compliance consultant will help you understand which of the Payment Card Industry Data Security Standards apply to your business.