PCI DSS Compliance Requirement

The payment brands (American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.) have mandated that all merchants who store, transmit or process cardholder information maintain compliance with the PCI DSS. As your service provider, Kotapay takes the protection of customer and payment account data very seriously.

We understand the risks and financial costs a compromise can pose to your business. In support of this important mandate, we require all of our merchants to validate their PCI DSS compliance status. To help make the process as convenient as possible, we're providing the following documents:

Frequently Asked Questions about PCI Compliance Validation


What is PCI DSS?

Is PCI DSS new?

I only process a few hundred dollars a month. Does my merchant account still need to be PCI compliant?

I already use a "PCI compliant" terminal/gateway. Doesn't that mean I am PCI compliant?

Can I choose not to certify for PCI compliance?

How long is the PCI compliance certification valid?

What if I have already been certified or choose to certify through another Qualified Security Assessor (QSA)/Approved Scanning Vendor (ASV)?