PCI-DSS · Preparation Kit

PCI-DSS Readiness for Vietnamese Fintech

PCI-DSS preparation materials, from scope reduction, SAQ selection, to 12 requirements checklist. For Vietnamese Fintech processing international payments.

Get pTrackly support →

1. Determine Level and Scope

  • Level 1: > 6M transactions/year → ROC required
  • Level 2-4: appropriate SAQ based on card processing type
  • Scope = all systems storing, processing, or transmitting CHD
  • Tokenization and out-of-scope components to reduce scope

2. SAQ Selection Guide

  • SAQ A: card-not-present, fully outsourced payment
  • SAQ B: imprint machines, standalone terminals
  • SAQ C: payment terminals with internet connection
  • SAQ D: all other types, comprehensive requirements
  • Confirm SAQ type with Payment Brand or Acquiring Bank

3. 12 Requirements Checklist (v4.0)

  • 1. Network Security Controls (firewall, segmentation)
  • 2. Default Passwords, change all vendor defaults
  • 3. Protect Stored Account Data, minimize CHD storage
  • 4. Protect Data in Transit, TLS for all CHD transmission
  • 5-12: Malware protection, secure development, access control, physical security, monitoring, testing, policies...

4. Penetration Testing

  • External pen test: at least annually and after major changes
  • Internal pen test: covering CHD environment
  • Segmentation test if using network segmentation to reduce scope
  • Qualified Security Assessor (QSA) for Level 1

pTrackly helps you implement PCI-DSS faster with ready-made templates and automated evidence collection.

Get Free Demo

Ready to get audit-ready?

Book a 15-minute call. See the platform. Decide if it fits.

Book Free Demo 15 min, no commitment
No credit card required Setup in 24 hours Cancel anytime
Book a Demo