PCI DSS Compliance

Learn how Finix handles PCI DSS compliance.


The Payment Card Industry Data Security Standard (PCI DSS) is a set of information security standards created and managed by the Payment Card Industry Security Standards Council (PCI SSC) for organizations that store, process, or transmit credit card data.

The major card brands (including Visa, Mastercard, Discover, and American Express) require PCI DSS compliance.

Finix helps you and your users validate compliance with PCI DSS by providing the necessary forms and verifying the submitted information. A user can be any entity that stores, processes, or transmits credit card data.

PCI Levels

There are four levels of PCI compliance. If a level's requirements apply to you or a user, that entity will need to meet that level of PCI DSS compliance before it can process payments.

PCI Level Applies to
PCI Level 1
  • Users that process over 6 million card transactions annually through all channels and regions (card-present, ecommerce, etc.).
PCI Level 2
  • Users that process between 1 and 6 million card transactions annually through all channels and regions (card-present, ecommerce, etc.).
PCI Level 3
  • Users that process between 20,000 and 1 million card transactions annually online (ecommerce only).
PCI Level 4
  • Users that process fewer than 20,000 card transactions annually online (ecommerce only).
  • Users that process up to 1 million card transactions annually through all channels and regions (card-present, ecommerce, etc.).

Finix is certified as a Level 1 Payment Card Industry Data Security Standard (PCI DSS) compliant Service Provider.

Validating PCI DSS Compliance

Each of your sellers that is eligible to process payments is required to validate compliance with PCI DSS annually.

Sellers can validate compliance by completing and attesting to a Self-Assessment Questionnaire (SAQ).

Finix takes care of the heavy lifting and creates the SAQ compliance forms your sellers need to complete. Finix pre-fills some fields using the information collected from you as part of the implementation process.

For information on how you and your sellers can validate compliance with PCI DSS, see Managing PCI Compliance.