PCI Certification Service

Certification that isn’t a burden

Overview

McAfee PCI Certification Service provides guidance, real-time analysis of your compliance status, and quarterly automated scanning. Working directly with Visa International, we developed an accurate, easy-to-use service that makes PCI compliance more affordable and more reliable for organizations of all sizes.

Merchants can quickly meet all requirements with confidence — Complete your self-assessment questionnaire (SAQ), review quarterly vulnerability scans, launch on-demand scans to retest as needed, and even generate the necessary PCI compliance reports and documentation. If you need help, you’ll have access to unlimited, extensive online, telephone, and email support. (Telephone and email support is available from 7 a.m. – 7 p.m. PST.)

Comprehensive service and support — PCI Certification Service includes IP address scanning, assistance, recommendations to help you meet all other requirements, and extensive technical support. While we expressly designed our full-service PCI compliance service for organizations with fewer than six million payment card transactions per year (PCI Levels 2, 3, and 4), we also help larger organizations meet their PCI obligations (including conducting Level 1 onsite audits).

A trusted solution — How well does PCI Certification Service work? McAfee currently operates co-branded PCI compliance programs through partners including PayPal, CyberSource, and the U.S. Council of Better Business Bureaus to manage the enrollment of more than 250,000 merchants and third-party service providers worldwide. Tens of thousands of organizations around the world ― from government agencies and online retailers to nonprofits and manufacturers ― trust McAfee to audit their initial and ongoing PCI compliance status.

"We have used over 10 different scanning vendors for PCI compliance, all major players. Without a doubt, McAfee SECURE's scanning system is far superior to any other. The McAfee website scanner is quick, effective, accurate, and the interface is highly flexible and easy to use. In addition, our conversion rate has increased by 9% since we added the McAfee SECURE seal to our website."
— David Farache, Vice President, Fortune3, Inc.

Features & Benefits

Achieve PCI DSS compliance quickly with greater peace of mind
Complete requirements rapidly and confidently with our accurate, easy-to-use online service. We provide tools and step-by-step guidance that give you everything you need for PCI DSS compliance and help make the process easy and painless.

Continue to demonstrate compliance
Remain in compliance and never miss submitting a quarterly validation report. Validation scans run automatically every 90 days.

Leverage the comprehensive self-assessment questionnaire (SAQ) wizard
Use our SAQ wizard tool to understand questions, correctly fill out the SAQ, remediate issues, and generate the required paperwork needed to submit to your acquiring bank.

Scan quarterly and on demand
Meet PCI DSS security scanning requirements. Our automated PCI compliance scanning uses an approved three-step process that includes dynamic port scanning, port-level network services vulnerability testing, and web application vulnerability testing. Launch on-demand scans whenever necessary.

Get unlimited technical support
Take advantage of unlimited support from our security specialists, available 7 a.m. to 7 p.m. PST. If you have a question, our experienced team is there to help you.

Use PCI compliance reports
Generate a validation report to submit to your merchant bank or payment service provider as proof of your compliance.

PCI Resources

PCI Certification Service
Read the McAfee PCI Certification Service solution brief.
Read the McAfee PCI Certification Service data sheet.

The Data Security Standard
The PCI Data Security Standard consists of 12 basic requirements and corresponding sub-requirements.

Read the PCI Data Security Standards FAQ.

Certification of Compliance
Separate and distinct from the mandate to comply with the PCI Data Security Standard is the certification, or validation, of compliance whereby entities verify and demonstrate their compliance status. It is a fundamental and critical function that identifies and corrects vulnerabilities, and protects customers by ensuring that appropriate levels of cardholder information security are maintained.

Free Consultation
Visit the home of the PCI Security Standards Council for more information. You can also call us toll-free at (877) 302-9965 for a free consultation with one of our security and compliance specialists.

Compliance Validation
The following compliance validation requirements are based on the annual volume of transactions, the potential risk, and exposure introduced into the payment system by merchants and service providers.

PCI Data Security Standard – Compliance Validation Requirements
Level 1
Description:
  • All merchants processing a total of more than 6 million card transactions annually on the Discover network
  • All merchants required by another payment brand to validate and report their compliance as a Level 1 merchant
Compliance Validation Requirements:
  • Complete an annual onsite assessment using the PCI DSS Requirements and Security Assessment Procedures. Onsite assessment may be performed by a Qualified Security Assessor or merchant's internal auditor
  • Complete quarterly network vulnerability scans performed by an Approved Scanning Vendor

Level 2
Description:
  • All merchants processing a total of 1 million to 6 million card transactions annually
Compliance Validation Requirements:
  • Complete an annual self-assessment using the applicable PCI DSS Self-Assessment Questionnaire (SAQ)
  • Complete quarterly network vulnerability scans performed by an Approved Scanning Vendor

Level 3
Description:
  • All merchants processing a total of 20,000 to 1 million e-commerce transactions annually
Compliance Validation Requirements:
  • Complete an annual self-assessment using the applicable PCI DSS SAQ
  • Complete quarterly network vulnerability scans performed by an Approved Scanning Vendor

Level 4
Description:
  • All other merchants
Compliance Validation Requirements:
  • Annual self-assessment using the applicable PCI DSS SAQ
  • Complete quarterly network vulnerability scans performed by an Approved Scanning Vendor as appropriate
  • Validation and reporting requirements may be determined by the payment brand and/or merchant's acquirer