PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards established by the PCI Security Standards Council (founded by Visa, Mastercard, American Express, Discover, and JCB). It applies to all organizations that store, process, or transmit cardholder data. The current version is PCI DSS v4.0, which became mandatory in March 2025.

What are the PCI DSS compliance levels?

PCI DSS defines four merchant levels based on annual transaction volume. Level 1: over 6 million transactions (requires annual on-site assessment by a QSA). Level 2: 1-6 million transactions. Level 3: 20,000-1 million e-commerce transactions. Level 4: fewer than 20,000 e-commerce or up to 1 million other transactions. Levels 2-4 can typically self-assess using an SAQ.

What are the different SAQ types?

Self-Assessment Questionnaires (SAQs) vary by how you handle cardholder data. SAQ A: card-not-present merchants that fully outsource payment processing. SAQ A-EP: e-commerce merchants that partially outsource. SAQ B: merchants using imprint machines or standalone terminals. SAQ C: merchants with payment application systems connected to the internet. SAQ D: all other merchants and service providers.

What are the penalties for PCI DSS non-compliance?

Non-compliance can result in fines from $5,000 to $100,000 per month from payment card brands. In the event of a data breach, organizations may face additional penalties including forensic investigation costs, card replacement costs, increased transaction fees, and potential loss of the ability to process payment cards. Lawsuits and regulatory action add further financial exposure.

How does penetration testing relate to PCI DSS?

PCI DSS Requirement 11.4 explicitly requires penetration testing at least annually and after any significant infrastructure or application changes. This includes both internal and external penetration tests, as well as network segmentation testing. PCI DSS v4.0 added requirements for authenticated internal scanning and more rigorous application security testing.

Free PCI DSS Compliance Checklist

Evaluate your PCI DSS compliance posture in minutes

Answer eight questions about your organization's cardholder data security practices and get a compliance score, gap analysis, and prioritized remediation plan. Covers key PCI DSS requirements including firewall configuration, cardholder data protection, encryption, access control, and network monitoring.

Question 1 of 8

Do you have firewalls installed and configured to protect cardholder data environments?

Yes, with documented rules and regular review

Firewalls in place, but rules not regularly reviewed

No firewall protection for cardholder data

Trusted by teams at

How it works

How PCI DSS Compliance Checklist works

Answer 8 questions

Complete a short questionnaire covering key PCI DSS requirements: firewall configuration, default passwords, cardholder data protection, encryption, anti-malware, secure development, access control, and network monitoring.

Get your compliance score

Your answers are scored against PCI DSS v4.0 requirements to produce an overall compliance percentage and per-requirement breakdown.

Receive a remediation plan

Get a personalized gap analysis with a prioritized 90-day action plan covering specific remediation steps to achieve PCI DSS compliance.

Features

What PCI DSS Compliance Checklist checks

Covers all six PCI DSS goal categories

Evaluates your organization across the six PCI DSS goals: build and maintain a secure network, protect cardholder data, manage vulnerabilities, implement access controls, monitor and test networks, and maintain an information security policy.

Assess cardholder data protection and encryption

Checks whether you properly protect stored cardholder data with encryption, truncation, or tokenization, and encrypt data in transit — the requirements most directly tied to preventing breaches.

Evaluate network security and monitoring

Reviews whether you have properly configured firewalls, deploy anti-malware, and conduct regular network monitoring and vulnerability scanning — critical for maintaining a secure cardholder data environment.

Get a prioritized compliance roadmap

Generates a concrete, prioritized action plan with specific remediation tasks, estimated timelines, and resource requirements to close compliance gaps before your next assessment.

Use cases

Who should use the free PCI DSS Compliance Checklist

E-Commerce Companies

Assess your PCI DSS compliance posture and identify gaps in how you handle cardholder data. Prioritize remediation before your next quarterly scan or annual assessment.

Payment Processors

Evaluate your compliance across all PCI DSS requirements and ensure your infrastructure meets the standards required for processing payment card transactions.

IT Security Teams

Get a baseline compliance score and gap analysis to plan remediation work. Map existing controls to PCI DSS requirements and identify what needs to be built or improved.

More tools

All free security tools

FAQ

Frequently asked questions

Everything you need to know about the free PCI DSS Compliance Checklist.

Go beyond PCI DSS Compliance Checklist

This free PCI DSS Compliance Checklist checks a handful of things. Maced's AI pentest checks thousands.

Get a full autonomous penetration test — including OWASP Top 10, authentication flaws, business logic errors, API security, and more — with a compliance-ready report in hours.

Start Pentest

Proof of exploit on every finding · SOC 2 & ISO 27001 compatible

Free PCI DSS Compliance Checklist

Evaluate your PCI DSS compliance posture in minutes

How PCI DSS Compliance Checklist works

Answer 8 questions

Get your compliance score

Receive a remediation plan

What PCI DSS Compliance Checklist checks

Covers all six PCI DSS goal categories

Assess cardholder data protection and encryption

Evaluate network security and monitoring

Get a prioritized compliance roadmap

Who should use the free PCI DSS Compliance Checklist

E-Commerce Companies

Payment Processors

IT Security Teams

All free security tools

Scanners

Checkers

Decoders & Generators

Compliance & Assessments

Frequently asked questions

This free PCI DSS Compliance Checklist checks a handful of things. Maced's AI pentest checks thousands.

Free PCI DSS Compliance Checklistself.__wrap_n!=1&&self.__wrap_b("_R_138dav5ubtpfl7b_",1)

Evaluate your PCI DSS compliance posture in minutesself.__wrap_n!=1&&self.__wrap_b("_R_158dav5ubtpfl7b_",1)

How PCI DSS Compliance Checklist worksself.__wrap_n!=1&&self.__wrap_b("_R_l5dav5ubtpfl7b_",1)

Answer 8 questionsself.__wrap_n!=1&&self.__wrap_b("_R_2j9dav5ubtpfl7b_",1)

Get your compliance scoreself.__wrap_n!=1&&self.__wrap_b("_R_2l9dav5ubtpfl7b_",1)

Receive a remediation planself.__wrap_n!=1&&self.__wrap_b("_R_2n9dav5ubtpfl7b_",1)

What PCI DSS Compliance Checklist checksself.__wrap_n!=1&&self.__wrap_b("_R_l5lav5ubtpfl7b_",1)

Covers all six PCI DSS goal categoriesself.__wrap_n!=1&&self.__wrap_b("_R_339lav5ubtpfl7b_",1)

Assess cardholder data protection and encryptionself.__wrap_n!=1&&self.__wrap_b("_R_359lav5ubtpfl7b_",1)

Evaluate network security and monitoringself.__wrap_n!=1&&self.__wrap_b("_R_379lav5ubtpfl7b_",1)

Get a prioritized compliance roadmapself.__wrap_n!=1&&self.__wrap_b("_R_399lav5ubtpfl7b_",1)

Who should use the free PCI DSS Compliance Checklistself.__wrap_n!=1&&self.__wrap_b("_R_l5tav5ubtpfl7b_",1)

E-Commerce Companiesself.__wrap_n!=1&&self.__wrap_b("_R_1j9tav5ubtpfl7b_",1)

Payment Processorsself.__wrap_n!=1&&self.__wrap_b("_R_1l9tav5ubtpfl7b_",1)

IT Security Teamsself.__wrap_n!=1&&self.__wrap_b("_R_1n9tav5ubtpfl7b_",1)

All free security toolsself.__wrap_n!=1&&self.__wrap_b("_R_l65av5ubtpfl7b_",1)

Scanners

Checkers

Decoders & Generators

Compliance & Assessments

Frequently asked questionsself.__wrap_n!=1&&self.__wrap_b("_R_l6dav5ubtpfl7b_",1)

What is PCI DSS?

What are the PCI DSS compliance levels?

What are the different SAQ types?

What are the penalties for PCI DSS non-compliance?

How does penetration testing relate to PCI DSS?

This free PCI DSS Compliance Checklist checks a handful of things. Maced's AI pentest checks thousands.self.__wrap_n!=1&&self.__wrap_b("_R_15alav5ubtpfl7b_",1)

Free PCI DSS Compliance Checklist

Evaluate your PCI DSS compliance posture in minutes

How PCI DSS Compliance Checklist works

Answer 8 questions

Get your compliance score

Receive a remediation plan

What PCI DSS Compliance Checklist checks

Covers all six PCI DSS goal categories

Assess cardholder data protection and encryption

Evaluate network security and monitoring

Get a prioritized compliance roadmap

Who should use the free PCI DSS Compliance Checklist

E-Commerce Companies

Payment Processors

IT Security Teams

All free security tools

Frequently asked questions

This free PCI DSS Compliance Checklist checks a handful of things. Maced's AI pentest checks thousands.