
PCI DSS

The security standard for any organisation that stores, processes or transmits payment card data.

01 What it is

Protecting cardholder data, proportionate to your volume.

PCI DSS sets the controls for handling cardholder data. Your obligations depend on transaction volume and on how you handle card data, ranging from a Self-Assessment Questionnaire (SAQ) up to a full Report on Compliance (ROC) signed off by a Qualified Security Assessor (QSA).

02 Who needs it

Anyone touching card data.

Any merchant or service provider that stores, processes or transmits cardholder data is in scope, including companies that assume their payment provider handles all of it.

03 How we help

Reduce the scope, then prove it.

  • Scope the environment and, crucially, reduce that scope wherever possible
  • Implement the required controls and assemble evidence
  • QSA assessment delivered through certified assessment partners where a ROC is needed
  • Maintain controls and evidence continuously between assessments

Handling card data?

We’ll help you work out your real scope first. It is usually smaller, and cheaper, than companies expect.
