Free interactive tool

Are you in scope for PCI DSS?

Answer four quick questions to get an indicative read on your PCI DSS v4.0 scope, your likely SAQ type or merchant level, and the fastest path to compliance.

1. How does card payment data flow through your business?
2. Which best describes you?
3. Roughly how many card transactions per year?
4. Do you use a PCI-compliant payment gateway / processor?

How PCI DSS scope works

Scope is everything

Your PCI DSS effort and cost are driven almost entirely by how much of your environment touches cardholder data. Get scoping right first.

SAQ vs ROC

Smaller/outsourced merchants often validate with a Self-Assessment Questionnaire (SAQ); Level 1 merchants and most service providers need a QSA-led Report on Compliance (ROC).

Reduce, don’t just comply

Tokenisation, segmentation and outsourcing card capture can drop you from a heavy SAQ D to a light SAQ A — less cost, less risk.

Explore our PCI DSS QSA services →