What is required to be PCI DSS compliant?
PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted. If a PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply. Therefore, if your company stores or transfers the PAN (Primary Account Number), which is usually the 16-digit credit card number itself, in any way, even if it is only to transmit it directly to a real-time payment gateway, or perhaps restore it in some way, then your business must be certified PCI DSS compliant in its own right.
The applicable PCI DSS criteria are as follows:
Level 1: Visa and MasterCard worldwide transactions totalling 6 million and up per year, and any merchants who have experienced a data breach.
Level 2: Visa and MasterCard transactions totalling 1 million to 6 million per year.
Level 3: Visa and MasterCard e-commerce transactions totalling 20,000 to 1 million per year.
Level 4: Visa and MasterCard e-commerce transactions totalling 1 to 20,000 per year.