PCICompliance.info | Security Controls for Ongoing PCI Compliance

E-commerce sites have stricter requirements for PCI DSS, although they have to follow the rules too!

As you can see, any e-commerce merchant processing < 20,000 transactions per year is a Level 4 merchant and must complete the SAQ and a network scan. Any merchant that is processing over 20,000 transactions per year (and less than 1 Million) is a Level 3 merchant (in purple) and was required to be compliant in 2005.

What is PCI?
Who has to comply?
What "Merchant Level" am I?
Isn't PCI for e-commerce sites?
What is a "scan"? How often must I scan my system?
What are QSAs or Qualified Security Assessors?
What is the SAQ or Self Assessment Questionnaire?
Aren't I allowed to keep whatever data I want? It's my account!
I only take a few cards per month - do I still need PCI?
I never agreed to be compliant... show me my contract!
I can't afford it right now - Can I wait until I have a bigger company?
My bank hasn't told me anything about compliance.
What if all my answers on the SAQ are "No" or "Yes"?
Compliance is a scam and doesn't exist.
How does Validating My Account get me compliant?
Is EPI PCI Compliant? How do I tell?
I already have a Compliance Certificate!