BrightWorks IT helps merchants and service providers achieve and maintain PCI DSS 4.0 compliance. We handle gap assessments, network segmentation, vulnerability scanning, and SAQ preparation — so you can process payments with confidence.
Find out where your organization stands with PCI DSS 4.0.
Payment card fraud costs the industry billions annually. PCI DSS 4.0 raises the bar — and acquirers are cracking down on non-compliant merchants.
The new standard demands targeted risk analysis, enhanced authentication, automated log reviews, and client-side script management. Organizations that were compliant under 3.2.1 may have significant gaps under 4.0.
There are 9 different SAQ types, and choosing the wrong one — or filling it out incorrectly — can leave you exposed. Most businesses underestimate the complexity until their acquirer pushes back.
If your cardholder data environment (CDE) isn't properly segmented, your entire network is in scope. That means every device, every server, every workstation must meet PCI requirements.
After a breach, non-compliant merchants face fines from card brands ($5K–$100K/month), forensic investigation costs, card reissuance fees, and potential loss of the ability to process payments entirely.
If you answer "yes" to any of these, you need PCI DSS compliance:
PCI DSS applies to every organization that stores, processes, or transmits cardholder data — regardless of size or transaction volume.
We don't just assess — we implement, validate, and maintain your PCI compliance year-round.
Comprehensive evaluation of your cardholder data environment against all PCI DSS 4.0 requirements, including the 64 new controls introduced in the latest version.
CDE scoping • Gap analysis • Prioritized remediation

Properly segment your network to minimize the cardholder data environment scope, reducing compliance burden and cost while strengthening security.
Micro-segmentation • Firewall rules • Scope reduction

Quarterly ASV scans, internal vulnerability scanning, and annual penetration testing by qualified assessors — all required by PCI DSS.
ASV scans • Internal scans • Pen testing

We determine the correct SAQ type for your business, complete it accurately, and prepare your Attestation of Compliance for your acquirer.
SAQ selection • Documentation • AoC preparation

Deploy encryption, tokenization, MFA, log monitoring, WAF, and access controls. We implement the technical controls PCI DSS 4.0 requires.
Encryption • Tokenization • WAF • MFA

Continuous log monitoring, quarterly scans, annual assessments, and policy reviews to keep you compliant 365 days a year — not just during validation.
Continuous monitoring • Quarterly scans • Annual reviews

Your merchant level determines validation requirements. Most businesses are Level 3 or 4 — but all levels must comply with PCI DSS.
| | Level 1 | Level 2 | Level 3 ⭐ | Level 4 |
|---|---|---|---|---|
| Transaction Volume | 6M+ / year | 1M–6M / year | 20K–1M e-comm | <20K e-comm / <1M other |
| Validation | On-site QSA audit | SAQ + ASV scan | SAQ + ASV scan | SAQ + ASV scan |
| Pen Test Required | Yes (annually) | Yes (annually) | Recommended | Recommended |
| Typical Timeline | 3–6 months | 2–4 months | 1–3 months | 1–2 months |
PCI DSS 4.0 is now fully enforced. Here are the key changes every merchant needs to address.
PCI DSS 4.0 is fully in effect. Organizations must be compliant now.
"We were struggling with PCI compliance after our acquirer flagged us for non-compliance. BrightWorks IT came in, properly scoped our CDE, segmented our network, and got us fully compliant with PCI DSS 4.0 in under 3 months. Our acquirer was impressed, and we avoided what could have been devastating fines."
Partner with BrightWorks IT and achieve PCI DSS 4.0 compliance with confidence. Free assessment — no obligation.