💳 PCI DSS

PCI DSS for Service Providers

Level 1 & Level 2 service-provider validation

Service providers that store, process or transmit cardholder data — or affect the security of the CDE — must validate to PCI DSS. We determine your level and drive you to a clean Attestation of Compliance.

Speak to a specialist →Back to PCI DSS

In scope

What this covers

The specifics that matter for PCI DSS for Service Providers.

Get a scoping call

Level 1: >300,000 transactions/year — annual on-site assessment by a QSA and quarterly ASV scans, culminating in a Report on Compliance (RoC).

Level 2: <300,000 transactions/year — annual self-assessment (SAQ D for Service Providers) with quarterly ASV scans.

Service-provider responsibility matrix and customer-facing AoC for your clients' due diligence.

Designated Entities Supplemental Validation (DESV) where required.

More in PCI DSS

PCI DSS for MerchantsMerchant Levels 1–4 validation

Get certified-ready for Service Providers

Book a working session with an Aanetic expert and walk away with a clear roadmap.

Talk to an expert Browse services