The SMB merchant must complete the following steps to become PCI compliant:

  • Determine which Self-Assessment Questionnaire (SAQ) your business should use to validate compliance.
  • Complete the SAQ per the instructions.
  • Complete and obtain evidence of a passing vulnerability scan with a PCI SSC Approved Scanning Vendor (ASV).
  • Complete the relevant Attestation of Compliance in its entirety.
  • Submit the SAQ, evidence of a passing scan (if applicable), and the Attestation of Compliance.