Is the Nomad eCommerce Platform PCI Level 1 Compliant? Yes. Yes It Is.

Nomad has always prioritized security—for our customers (and their customers) who rely on our B2B eCommerce sites and portals. For those accepting credit card payments through Nomad’s checkout or customer payment portal, one question often comes up: Is Nomad PCI compliant?
The answer: Yes. Nomad eCommerce is PCI DSS Level 1 compliant—the highest possible designation for a service provider under the Payment Card Industry Data Security Standard.
Compare PCI Level 1 Compliance vs. Level 2 Compliance
The PCI DSS framework differs for merchants (who accept payments) and service providers (who support those transactions). Nomad falls into the service provider category—because we handle the secure transmission of credit card data through our platform on behalf of our customers.
For service providers, there are two levels of compliance:
- Level 2 applies to providers handling fewer than 300,000 transactions annually. It involves a self-assessment, quarterly scans, and some basic documentation.
- Level 1 is for providers processing more than 300,000 transactions annually. It requires a formal audit conducted by a Qualified Security Assessor (QSA), quarterly scans by an Approved Scanning Vendor (ASV), annual penetration testing (i.e. someone trying to hack into our platform), internal security reviews, and a signed Attestation of Compliance (AOC).
Level 1 isn’t something you claim—it’s something you prove. Nomad meets every one of these requirements. We didn’t just check boxes on a self-assessment—we passed one of the most rigorous security assessments in the industry. And we did it in weeks—not months—because the foundation was already there.
Why It Matters to Be PCI Level 1 Compliant in B2B eCommerce
Today, about 15% of transactions on our platform are paid by credit card; most are paid on terms or through ACH/check. But regardless of method, the volume of transactions—and the sensitivity of the data involved—requires top-level security.
- If you offer credit card payments, Level 1 compliance means your checkout is backed by verified, big-company-level protections.
- If you only offer ACH or terms, it still signals that your platform partner (Nomad) operates with a fully audited, security-first infrastructure.
- For your IT and finance teams, working with a certified Level 1 service provider (us) makes security reviews easier and helps “check the box” when payments are part of the conversation.
Bottom line: PCI DSS Level 1 Compliance gives your business a clear, recognized standard for handling credit card data—especially important as more B2B payments move online.
The Nomad eCommerce Platform Was Built Secure from the Start
We didn’t retrofit Nomad to meet Level 1 standards—we built it with secure architecture and best practices from day one. Level 1 just made it official.
Need proof? Want our Attestation of Compliance (AOC)? Reach out—we’ll send it over.