Any e-commerce business that handles card payments falls under PCI DSS. We scope your cardholder data environment, pick the right SAQ, and close the gaps.
More context on this sector on our E-commerce industry page, and on the framework itself on our PCI DSS hub.
Tailored to E-commerce, delivered by a Toronto security and compliance team led by a published CVE researcher, with our partner Lorikeet Security where offensive testing is involved.
See the full PCI DSS service page, or productized pricing for fixed-scope engagements.
It depends on how you handle cards — a fully hosted checkout (SAQ A) has far less scope than directly handling card data. We determine the right SAQ and minimize your scope.
Most small and mid-size e-commerce merchants can self-assess with the appropriate SAQ; larger merchants may need a Qualified Security Assessor. We tell you which tier you are in.
Version 4.0 adds more prescriptive requirements around authentication, scripts on payment pages, and ongoing risk management. We scope against the current standard.
Book a free 30-minute discovery call. We will tell you whether this engagement fits, what it would cost, and when we could start.