New PCI DSS Level 4 Requiring Mandatory Quarterly ASV Scans


Quaife.net Editor

01 Oct 2024


In today’s rapidly evolving payment security landscape, the Payment Card Industry Data Security Standard (PCI DSS) plays a critical role in safeguarding cardholder data. Recent updates to Level 4 compliance requirements introduce a key change: the mandatory implementation of quarterly Automated Vulnerability Scanning (AVS).

This article explains what these changes mean for your business—and how Quaife can help you stay compliant with confidence.

PCI DSS Compliance Levels Explained

PCI DSS categorises merchants into four levels based on their annual transaction volume. Each level carries distinct security and validation requirements:

  • Level 1
      • Who: Merchants processing over 6 million transactions annually across all channels
      • Requirements: Annual Report on Compliance (ROC) by a Qualified Security Assessor (QSA) or internal audit, quarterly network scans, and robust security controls
  • Level 2
      • Who: Merchants processing 1 to 6 million transactions annually
      • Requirements: Annual Self-Assessment Questionnaire (SAQ), quarterly network scans, and a formal risk assessment process
  • Level 3
      • Who: Merchants processing 20,000 to 1 million e-commerce transactions annually
      • Requirements: Similar to Level 2, but tailored for lower volumes; includes SAQ and quarterly scans
  • Level 4
      • Who: Merchants processing fewer than 20,000 e-commerce transactions and up to 1 million transactions via other channels
      • Requirements: Formerly only an SAQ, now includes mandatory quarterly AVS scanning

What’s New: Quarterly AVS Scanning for Level 4 Merchants

The updated PCI DSS framework now requires Level 4 merchants to conduct quarterly Automated Vulnerability Scans (AVS).

AVS proactively examines your IT infrastructure to detect and remediate security weaknesses before they can be exploited. By requiring these regular scans, PCI DSS raises the bar for data protection—even for smaller merchants—ensuring that all businesses maintain a strong security posture.

How This Impacts Level 4 Businesses

While quarterly AVS scanning may initially seem like an added operational burden, it delivers significant benefits:

  • Strengthened defences against data breaches
  • Greater customer trust and brand reputation
  • Reduced risk of costly non-compliance penalties

Ultimately, this shift reflects the industry’s commitment to protecting sensitive data at every scale.

How Quaife Can Help You Stay Compliant

Adapting to evolving compliance requirements can be daunting—especially for small businesses. Quaife simplifies this process by providing comprehensive, end-to-end support:

  1. Expert Consultation
     Our security specialists help you interpret PCI DSS changes and understand how they apply to your business.
  2. Efficient AVS Scanning
     We conduct thorough quarterly AVS scans to identify vulnerabilities before they become threats.
  3. Actionable Security Reports
     After each scan, we deliver clear, detailed reports with prioritised recommendations for remediation.
  4. Ongoing Compliance Support
     Beyond scanning, we offer continuous guidance on best practices to keep your security posture strong.

Secure Your Business with Confidence

As the PCI DSS landscape continues to evolve, proactive compliance is essential. The new quarterly AVS scanning requirement underscores the growing emphasis on security—even for lower-volume merchants.

With Quaife as your partner, you can confidently meet these enhanced standards while protecting your customers’ most sensitive information.

Contact us today to learn how we can help you navigate PCI DSS compliance and build a stronger data security strategy.