
About PCIComplianceCost.com

An independent reference for the cost of PCI DSS compliance. Operated by Digital Signet, founded by Oliver Wakefield-Smith. Built so the budgeting question can be answered without an email gate, a sales pitch, or a vendor relationship in the way.

Why this site exists

Most top-ranking pages on the PCI compliance cost question are owned by someone selling something: a QSA firm funnelling toward an assessment quote, a tokenisation vendor funnelling toward scope-reduction services, a penetration testing firm funnelling toward an engagement. Useful figures sit behind a form gate; positioning is optimised for the sale.

The intent here is the opposite. Publish defensible cost ranges by merchant level, show the assumption set, source the figures from public reference material, and let the reader make the decision. There is no email gate on the calculator. There is no chat widget.

Who runs the site

Oliver Wakefield-Smith
Founder, Digital Signet

Oliver runs Digital Signet, an independent AI-development studio that builds data-led pricing and decision tools using public datasets. After 20 years as a solutions architect and tech lead across media, utilities, satellite, and data, he founded Digital Signet to apply autonomous AI development methodology to real software at scale.

Reach Oliver: [email protected]. Profile: LinkedIn.

About Digital Signet

This site is operated by Digital Signet, an independent AI-development studio founded by Oliver Wakefield-Smith. It is part of a portfolio of consumer cost-reference and calculator sites we run as a live R&D lab for our Signet methodology, an autonomous AI development team that ships real software at scale.

Digital Signet does not act as a Qualified Security Assessor (QSA), does not sell tokenisation or scope-reduction services, does not run a penetration testing practice, and does not accept paid placements from any vendor in the PCI compliance space. Editorial direction is set by Oliver. Drafts are produced via Digital Signet's autonomous AI development methodology and reviewed against the editorial framework before publication.

For consulting enquiries (fractional CTO, AI product strategy, autonomous-dev-team setup): see digitalsignet.com.

Editorial principles

  • Built on public reference material: PCI Security Standards Council published guidance, QSA firm public day-rate guidance, ASV vendor public pricing, published penetration testing rate cards, and public PCI compliance practitioner survey data. See methodology for the full source position.
  • Calculator math is documented inline. The cost calculator on the home page shows the level breakdown, scope inputs, and multipliers used. Nothing is hidden.
  • No paid placements. No supplier sponsorships. Independent of QSA firms, ASV vendors, tokenisation vendors, and penetration testing firms.
  • Update only when the underlying reality changes. PCI DSS major-version transitions (e.g. v4.0 to future versions), council fee changes, and material movement in QSA day-rate ranges trigger a refresh.

Contact

For corrections, methodology questions, or scenarios that don't fit cleanly: [email protected]. There is no newsletter signup, no email gate on the calculator, no chat widget.
