PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect cardholder data.


The standards globally govern all merchants and organizations that store, process or transmit this data, and include specific requirements for software developers and manufacturers of applications and devices used in the transaction process.

What do merchants receive in regards to PCI and when?

For all newly boarded accounts, the merchant will receive 4 email notification in total one per week for 4 weeks. The Welcome Email 1 will include the login credentials.

If the account is still non-compliant the merchant will receive emails one email reminder per month until they become compliant.

How do we assist them with becoming compliant?

When does the non-compliance fee begin being billed?

90 days including the first 4 weeks when Nuvei is actively working to get the merchant PCI compliant.

The monthly deadline to become compliant is the 20th of every month

If the merchant becomes compliant before the 20th, the non-compliance fee is not charged. If the merchant becomes compliant after the 20th, they will be charged a non-compliance fee. Nuvei cannot refund merchants for the current month.

The merchant can call PCICare at 1-888-729-7958

As of June 2017, Nuvei's primary vendor of PCI DSS compliance is Conformance Technologies.

Conformance Technologies is a leading vendor of managed business security solutions. 

Merchants will benefit from the company's robust PCI ToolKit, which simplifies compliance and offers Vulnerability Scanning and Data Incident Management programs. Nuvei's choice to partner with Conformance Technologies was based on the solution's ease of use for merchants, excellent self-service tools and outstanding merchant support to elevate compliance levels with minimum interruption. 

Exciting benefits of our partnership with Conformance Technologies include:

  • Familiarity is maintained through Nuvei branding on emails and website, as well as for any registered sub-ISO's who can customize the portal with their own branding.

  • Ability to easily renew the SAQ. If nothing has changed the merchant can renew their SAQ with one click of a button, instead of having to redo their SAQ.

  • Accounts can be automatically linked together, if their Tax ID is the same, when the merchant logs in. This requires that only one SAQ is completed for all linked accounts. Additionally, the attestation needs to be completed only once for all linked accounts, once individual scans have been passed.

  • Automatic, quarterly vulnerability scanning for merchants with IP terminals, virtual terminals and POS systems.

  • A full suite of services that provides expert assistance in the event of a data breach incident, saving time and money while giving peace of mind.

  • Continued support from our in-house team on completing SAQs, as well as the technical department to help remediate scans.

PCI Video Channel