Do small merchants with limited transaction volumes need to comply with PCI DSS?

PCI DSS 3.2.1

PCI DSS is intended for all entities involved in payment processing, including merchants, regardless of their size or transaction volume.

When compared with larger merchants, small merchants often have simpler environments, with limited amounts of cardholder data and fewer systems that need protecting, which can help reduce their PCI DSS compliance effort.

Whether a small merchant is required to validate compliance is determined by the individual payment brands. For questions regarding compliance validation and reporting requirements, merchants should contact their acquirer (merchant bank) or the payment brand they do business with, as applicable.

Written by: PCI
