Merchant Compliance Portal

PCI certification with the Merchant Compliance Portal for merchants

As a merchant accepting credit card payments, you must make sure to prevent any misuse of sensitive cardholder data by unauthorized third parties. To do this, you must comply with the global Payment Card Industry Data Security Standards (PCI DSS), which were developed by the credit card schemes to improve data security in payment transactions. Evidence of your compliance with the standards must be furnished at regular intervals in the form of PCI certification.


We offer a simple and all-inclusive portal solution that supports merchants, irrespective of their size and industry, along their way to certification, from newsstand owners with only an occasional credit-card payment to small bookstores, travel agents, and established online shops. Our free Merchant Compliance Portal provides guidance at every step of the certification process.

  • The Merchant Compliance Portal bundles all the necessary test criteria and carries them out automatically, aligned to individual needs.

  • As a merchant, you can document your compliance with the security criteria and demonstrate it to your acquirers.

  • In addition, the portal offers extensive technical support and can take over complete compliance monitoring, performed by trained TÜV SÜD experts.

PCI certification for online shops and retailers


For PCI DSS certification, the leading credit card schemes categorise their merchants into various levels with different security requirements. The following forms of security evidence are basic requirements for PCI certification:

  • Annual self-assessment / Self-Assessment Questionnaire (SAQ)

  • Quarterly vulnerability scans performed by an approved scanning vendor (ASV)

  • Annual on-site audits – these on-site security audits are intended for merchants with millions of transactions per year.

The Merchant Compliance Portal offers the following services


Retailers that do not need to undergo on-site auditing can complete their SAQs directly online in the Merchant Compliance Portal and take advantage of automated processing of the required ASV scans for a smooth road to PCI Compliance.






  • Creating your personal user account.

  • With a few questions, the portal can define which self-assessment questionnaire is relevant for you.

  • Complete the questionnaire defined in advance, containing questions on your company, type of credit-card acceptance etc.

  • Vulnerability scans may be necessary depending on the type of credit card acceptance and integration into your network.

  • Your compliance report, results of vulnerability scans, and other relevant documents will be provided in the portal.

For these services, the Merchant Compliance Portal offers merchants the following features:

  • For merchants, use of the portal including the SAQs is completely free of charge.

  • The content of self-assessments is saved until the next time an SAQ has to be completed.

  • Vulnerability scans can be ordered and carried out in an automated process.

  • The portal sends out automatic notifications if activities on the part of the merchants are required.

  • Use of the systematic project management approach helps to cut costs right from the start, e.g. by reducing the number of ASV scans or the scope of the on-site audits.

What is included in the PCI DSS security audits for merchants?

Self-Assessment Questionnaire (SAQ) – In addition to the processing of payment card information in your company, the questionnaire surveys the following aspects:

  • General company information

  • Connections with other companies

  • Technical details relevant for the implementation of the PCI DSS key requirements.

Vulnerability scan (ASV scan): The objective of the security scan is to identify security gaps in systems and websites which might be used by attackers to access payment card data. Vulnerability scans identify potential gaps by running automated tests on the following parts of your IT systems:

  • Network components

  • Operating systems

  • Applications

On-site audits: Major merchants in particular must undergo an annual on-site audit in addition to the ASV scan. This on-site security audit covers various activities, including

  • Inspection of server rooms

  • Employee interviews

  • Review of process documentation and hardening guidelines

  • Software testing for system configuration and patch status

Expert support beyond the Merchant Compliance Portal

We support our merchants not only by providing the Merchant Compliance Portal, but also by advising them on all further issues, such as the essential technical questions in the SAQ. The specially trained experts at TÜV SÜD First Level Support are familiar with the technical details and speak the same language as the merchants. In addition to PCI DSS certification, we can supply merchants with further optional Payment Security services, based on our cross-functional expertise in a variety of cybersecurity fields:


  • Compliance awareness: Technical advisory and workshops at management and employee level
  • Pre-compliance services: Compliance analyses, GAP analyses, pre-audits and pre-scans
  • Implementation support: Support with the development of policies and procedures, advice on technical concepts and penetration tests

Security with the Merchant Compliance Portal

Trust is a factor of paramount relevance in virtual transactions. We support your operations as a merchant, assisting with secure implementation of modern technology and enabling you to accept credit card payments and guarantee your customers the highest security standards as demonstrated by the established TÜV SÜD certification mark. As an accredited certification provider, we accompany you step by step along the road to PCI Compliance.
