PCI-DSS · Preparation Kit
PCI-DSS Readiness for Vietnamese Fintech
PCI-DSS preparation materials, from scope reduction, SAQ selection, to 12 requirements checklist. For Vietnamese Fintech processing international payments.
Get pTrackly support →1. Determine Level and Scope
- □ Level 1: > 6M transactions/year → ROC required
- □ Level 2-4: appropriate SAQ based on card processing type
- □ Scope = all systems storing, processing, or transmitting CHD
- □ Tokenization and out-of-scope components to reduce scope
2. SAQ Selection Guide
- □ SAQ A: card-not-present, fully outsourced payment
- □ SAQ B: imprint machines, standalone terminals
- □ SAQ C: payment terminals with internet connection
- □ SAQ D: all other types, comprehensive requirements
- □ Confirm SAQ type with Payment Brand or Acquiring Bank
3. 12 Requirements Checklist (v4.0)
- □ 1. Network Security Controls (firewall, segmentation)
- □ 2. Default Passwords, change all vendor defaults
- □ 3. Protect Stored Account Data, minimize CHD storage
- □ 4. Protect Data in Transit, TLS for all CHD transmission
- □ 5-12: Malware protection, secure development, access control, physical security, monitoring, testing, policies...
4. Penetration Testing
- □ External pen test: at least annually and after major changes
- □ Internal pen test: covering CHD environment
- □ Segmentation test if using network segmentation to reduce scope
- □ Qualified Security Assessor (QSA) for Level 1
pTrackly helps you implement PCI-DSS faster with ready-made templates and automated evidence collection.
Get Free DemoReady to get audit-ready?
Book a 15-minute call. See the platform. Decide if it fits.
Book Free Demo 15 min, no commitment No credit card required Setup in 24 hours Cancel anytime