PCI DSS — Payment Card Industry Data Security Standard
Protect cardholder data and maintain payment security
PCI DSS is the mandatory security standard for any organisation that stores, processes, or transmits payment card data. Non-compliance carries significant fines and the risk of losing your ability to accept card payments.
The Payment Card Industry Data Security Standard (PCI DSS) is developed and maintained by the PCI Security Standards Council (PCI SSC), founded by Visa, Mastercard, American Express, Discover, and JCB. Version 4.0.1 (published June 2024) is the current standard; the 4.0 revision it refines introduced the customised approach to meeting requirements, targeted risk analysis, and broader multi-factor authentication requirements, and version 3.2.1 has been retired.
Compliance is mandatory for any entity that stores, processes, or transmits cardholder data. This includes merchants, payment processors, gateways, and service providers. Non-compliance can result in fines levied by the card brands and passed on through your acquirer, increased transaction fees, mandatory forensic investigations following a breach, and ultimately the suspension of your ability to accept card payments, which can be catastrophic for any business.
Who Needs PCI DSS?
E-commerce merchants accepting online card payments
Retail businesses processing in-person card transactions
Payment gateways, processors, and acquirers
SaaS platforms that process payments on behalf of customers
Service providers with access to cardholder data environments
Subscription businesses with stored payment credentials
What It Covers
Network Security Controls
Install and maintain network security controls such as firewalls and cloud security groups to protect the cardholder data environment (CDE). Network segmentation is not itself a requirement, but isolating the CDE from the rest of the network is the main way to keep its scope small.
Protect Account Data
Protect stored account data: render the PAN unreadable wherever it is stored (strong encryption, truncation, index tokens, or a keyed cryptographic hash), mask it when displayed so that at most the BIN and last four digits are visible, and keep stored PAN to a minimum. Never store sensitive authentication data (full track data, the card verification code, PINs or PIN blocks) after authorisation, even if encrypted.
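To make the stored-data rule concrete, here is an added example (written for this page, not code from PCI SSC or from any consultancy) of what a merchant application keeps after an authorisation: a masked PAN for display, a keyed hash as a lookup reference, and a random token that resolves back to the PAN only inside a vault. The card verification code is accepted for the authorisation call and never written to the record. The HMAC key, the in-memory vault, and the test card number 4111111111111111 are assumptions for the demonstration.

```python
import hashlib
import hmac
import re
import secrets

# PANs are 13 to 19 digits; anything else is rejected before it touches the rest of the code.
PAN_RE = re.compile(r"^\d{13,19}$")


def luhn_valid(pan: str) -> bool:
    """Luhn checksum: a cheap way to reject mistyped or mangled PANs before use."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _check_pan(pan: str) -> None:
    if not PAN_RE.match(pan) or not luhn_valid(pan):
        raise ValueError("not a well-formed PAN")


def mask_pan(pan: str, bin_len: int = 6) -> str:
    """Display form: at most the BIN (first six digits here) and the last four are shown."""
    _check_pan(pan)
    return pan[:bin_len] + "*" * (len(pan) - bin_len - 4) + pan[-4:]


def pan_reference(pan: str, key: bytes) -> str:
    """Keyed hash (HMAC-SHA256) usable as a lookup index for a stored card.

    An unkeyed hash of a PAN is brute-forceable (16 digits, known BIN ranges, Luhn
    check digit), which is why PCI DSS 4.x requires the hash to be keyed.
    The key itself must be managed like any other cryptographic key in the CDE.
    """
    _check_pan(pan)
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


class TokenVault:
    """Toy in-memory vault (assumption for the example). The token is random and carries
    no information about the PAN; a real vault is a CDE system in its own right."""

    def __init__(self) -> None:
        self._store: dict[str, str] = {}

    def tokenise(self, pan: str) -> str:
        _check_pan(pan)
        token = secrets.token_urlsafe(24)
        self._store[token] = pan
        return token

    def detokenise(self, token: str) -> str:
        return self._store[token]


def post_auth_record(pan: str, expiry: str, cvv: str, vault: TokenVault, key: bytes) -> dict:
    """What the merchant side keeps after authorisation.

    `cvv` is sensitive authentication data: it is only ever forwarded in the
    authorisation request (not shown here) and deliberately does not appear in
    the returned record. The full PAN lives only in the vault.
    """
    _check_pan(pan)
    return {
        "token": vault.tokenise(pan),        # used for refunds / repeat charges
        "pan_masked": mask_pan(pan),         # safe to show on receipts and in the UI
        "pan_ref": pan_reference(pan, key),  # lets you find a card without storing the PAN
        "expiry": expiry,                    # expiry date alone is not SAD
    }


if __name__ == "__main__":
    hmac_key = secrets.token_bytes(32)       # assumption: key would come from a KMS/HSM
    vault = TokenVault()
    record = post_auth_record("4111111111111111", "12/27", "123", vault, hmac_key)
    print(record)
    print("vault resolves token:", vault.detokenise(record["token"]))
```

The record that reaches your database, logs, or support tooling contains nothing a thief could replay: the masked PAN is useless on its own, the keyed reference cannot be reversed without the key, and the token is only meaningful to the vault. That separation is what lets the rest of the application sit outside the CDE.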
Vulnerability Management
Protect systems against malware, maintain patching programmes, and implement secure development practices for in-house applications.
Access Control
Restrict access to system components and cardholder data to only those with a business need, assign a unique ID to every user, and enforce strong authentication, including MFA for all access into the CDE and for all remote access.
Network Monitoring & Testing
Log and monitor all access to network resources and cardholder data. Test security systems and processes regularly: quarterly internal and external vulnerability scans (external scans by an Approved Scanning Vendor), annual penetration testing, and periodic checks that segmentation controls still hold.
Information Security Policy
Maintain a policy that addresses information security for all personnel. Conduct regular security awareness training.
Benefits of PCI DSS
Maintain the ability to accept card payments and avoid card brand fines and penalties
Protect customers from payment card fraud and your business from breach liability
Reduce scope and compliance burden through network segmentation and tokenisation
Build trust with payment processors, acquirers, and customers
Satisfy merchant agreement requirements and avoid costly forensic audits
How We Help You Achieve It
Scope Reduction
We identify ways to minimise your cardholder data environment (CDE) through tokenisation and network segmentation, reducing compliance complexity.
Gap Assessment
We assess your current controls against the 12 PCI DSS requirements and create a prioritised remediation roadmap.
Remediation
We guide implementation of required controls, policies, and technical safeguards.
Self-Assessment Questionnaire
For eligible merchants, we help complete the appropriate SAQ accurately and completely.
QSA Audit Support
For merchants and service providers that must produce a Report on Compliance (ROC), we prepare you for and support the Qualified Security Assessor (QSA) assessment.
Ongoing Compliance
We help establish processes for continuous monitoring, quarterly vulnerability scans, and annual reassessment, so that compliance is maintained between assessments rather than rebuilt for each one.
Ready to Start Your PCI DSS Journey?
Begin with a free cybersecurity gap assessment to understand where you stand, then let our experts guide you to validated compliance.