Revolv3 - Logo

Solutions

Enterprise Payment System
Scaling Businesses
Industry Software Vendors
High Risk Payments

Pricing

Resources

Articles
Blogs
Press Releases
Publications
Case Studies
View All Resources

Development Hub

Our Company

About Us
Careers
Contact Us
Revolv3 - Logo White
By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
Preferences
DenyAccept
Privacy Preference Center
When you visit websites, they may store or retrieve data in your browser. This storage is often necessary for the basic functionality of the website. The storage may be used for marketing, analytics, and personalization of the site, such as storing your preferences. Privacy is important to us, so you have the option of disabling certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may impact your experience on the website.
AllowReject
Manage Consent Preferences by Category
Essential
Always Active
These items are required to enable basic website functionality.
Marketing
These items are used to deliver advertising that is more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the website operator’s permission.
Personalization
These items allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features. For example, a website may provide you with local weather reports or traffic news by storing data about your current location.
Analytics
These items help the website operator understand how its website performs, how visitors interact with the site, and whether there may be technical issues. This storage type usually doesn’t collect information that identifies a visitor.
Confirm preferences

PCI Compliance

Last updated:

What is PCI?

The PCI DSS (Payment Card Industry Data Security Standard) council was created by the five major networks (Visa, MasterCard, Discover, JCB, and American Express) with the objective to secure cardholder data.  PCI DSS standards ensure that all providers, merchants, platforms, and processors continually secure card and cardholder data commensurate with their size, processes, and providers.  Anyone that stores, processes, or transmits cardholder data is bound by the PCI DSS standards.

The PCI DSS Council has a knowledge base of resources to help determine where you fit in the payment ecosystem and what is required for your business type.  Revolv3 also has internal resources to help you through this process, maintain compliance, or if you are required to have an annual audit, recommend providers.

Revolv3 is PCI Level 1

Revolv3 maintains the highest level of PCI compliance commonly referred to as PCI Level 1.  This level of compliance requires ongoing scans and penetration testing along with an annual audit and on-site visit performed by a QSA (Qualified Security Assessor).  Our most recent audit is available in the AOC on this page or through the AOC link.  

Merchants or platforms using Revolv3 can access our latest AOC on this page that can be used to prove PCI compliant providers for your own audit.    

On March 31st, 2022 Version 4 of the PCI DSS requirements were published.  If you are currently integrated to version (3.2.1), your integration is valid until March 2024, but it’s recommend you begin the work to reach level 4 compliance.  

  • Website refers to Revolv3, Inc., accessible from http://www.revolv3.com.
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
    Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service.

What level of PCI is right for you?

There are a number of factors that determine a merchant’s required PCI scope, but generally this is graded on the number of transactions processed annually.

  • Level 1:  Merchants that process over 6 million card transactions annually.
  • Level 2:  Merchants that process between 1 and 6 million transactions annually.
  • Level 3:  Merchants that process 20,000 to 1 million transactions annually.
  • Level 4:  Merchants that process fewer than 20,000 transactions annually.

While Level 1 Merchants provide their AOC, merchants outside Level 1 will complete an SAQ annually to attest their compliance.

‍SAQ Alphabet Soup (Card Not Present only)

  • SAQ A: Applies to Card Not Present merchants that outsource all card processing to PCI compliant vendors.
  • SAQ A-EP: Applies to Card Not Present merchants who’s websites is managed in-house but the card processing is outsourced to PCI compliant vendors.
  • SAQ B: Applies to Card Not Present merchants that control how card data is directed to payment processors but never receive the data themselves.
  • SAQ C-VT: Applies to merchants that process card data in a web-based virtual terminal.  This data would be entered to the virtual terminal manually.
  • SAQ C: Applies to merchants that don’t store cardholder data but have payment applications linked via the internet.
  • SAQ D: Applies to merchants that are not addressed in SAQ A-C

Request AOC Certification

What is PCI?

The PCI DSS (Payment Card Industry Data Security Standard) council was created by the five major networks (Visa, MasterCard, Discover, JCB, and American Express) with the objective to secure cardholder data.  PCI DSS standards ensure that all providers, merchants, platforms, and processors continually secure card and cardholder data commensurate with their size, processes, and providers.  Anyone that stores, processes, or transmits cardholder data is bound by the PCI DSS standards.

The PCI DSS Council has a knowledge base of resources to help determine where you fit in the payment ecosystem and what is required for your business type.  Revolv3 also has internal resources to help you through this process, maintain compliance, or if you are required to have an annual audit, recommend providers.

Revolv3 is PCI Level 1

Revolv3 maintains the highest level of PCI compliance commonly referred to as PCI Level 1.  This level of compliance requires ongoing scans and penetration testing along with an annual audit and on-site visit performed by a QSA (Qualified Security Assessor).  Our most recent audit is available in the AOC on this page or through the AOC link.  

Merchants or platforms using Revolv3 can access our latest AOC on this page that can be used to prove PCI compliant providers for your own audit.    

On March 31st, 2022 Version 4 of the PCI DSS requirements were published.  If you are currently integrated to version (3.2.1), your integration is valid until March 2024, but it’s recommend you begin the work to reach level 4 compliance.  

  • Website refers to Revolv3, Inc., accessible from http://www.revolv3.com.
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
    Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service.

What level of PCI is right for you?

There are a number of factors that determine a merchant’s required PCI scope, but generally this is graded on the number of transactions processed annually.

  • Level 1:  Merchants that process over 6 million card transactions annually.
  • Level 2:  Merchants that process between 1 and 6 million transactions annually.
  • Level 3:  Merchants that process 20,000 to 1 million transactions annually.
  • Level 4:  Merchants that process fewer than 20,000 transactions annually.

While Level 1 Merchants provide their AOC, merchants outside Level 1 will complete an SAQ annually to attest their compliance.

‍SAQ Alphabet Soup (Card Not Present only)

  • SAQ A: Applies to Card Not Present merchants that outsource all card processing to PCI compliant vendors.
  • SAQ A-EP: Applies to Card Not Present merchants who’s websites is managed in-house but the card processing is outsourced to PCI compliant vendors.
  • SAQ B: Applies to Card Not Present merchants that control how card data is directed to payment processors but never receive the data themselves.
  • SAQ C-VT: Applies to merchants that process card data in a web-based virtual terminal.  This data would be entered to the virtual terminal manually.
  • SAQ C: Applies to merchants that don’t store cardholder data but have payment applications linked via the internet.
  • SAQ D: Applies to merchants that are not addressed in SAQ A-C

The Visa Global Registry of Service Providers

Get full access to our platform to see how easy it is to configure and manage payments that are optimized for First Pass Approvals

Schedule a demo
arrow-right
Revolv3 - Map
Revolv3 - Logo White
Full stack SaaS payment optimization platform for subscription billing; utilizing adaptive technology to deliver the industry’s highest credit card acceptance rates.
Company
About Us
Careers
Development Hub
Pricing
Contact Us
Solutions
Enterprise Payment System
Scaling Businesses
Industry Software Vendors
High Risk Payments
Resources
Articles
Blogs
Press Releases
Publications
Case Studies
View All Resources
Legal
Attestation of Compliance
PCI Compliance
Disclaimer
Terms and Conditions
Privacy Policy
Cookies Policy
Cookie Preferences
Copyright © 2022 Revolv3, Inc. All Rights Reserved