The Payment Card Industry Data Security Standard is a set of security requirements for organizations that store, process, or transmit cardholder data. The current major version is PCI DSS v4.0.
The Payment Card Industry Data Security Standard is a security standard maintained by the PCI Security Standards Council for any organization that stores, processes, or transmits cardholder data. It is organized into six goals and twelve high-level requirements, and the current major version, v4.0, introduced a more flexible 'customized approach' alongside the traditional defined approach. Validation rigor scales with transaction volume.
How you validate depends on volume: smaller entities may complete a Self-Assessment Questionnaire (SAQ), while larger ones undergo a Report on Compliance (ROC) by a Qualified Security Assessor. Scope reduction is often the biggest lever on effort.
Public information about the framework itself. We don't claim certifications, assessment status, or authorizations for our own product.
How the platform supports your PCI DSS program — from first scope to ongoing monitoring.
Identify where cardholder data flows and minimize the systems in scope.
Connect each requirement to tests and the evidence that demonstrates it.
Keep in-scope systems and configurations monitored so they stay compliant between assessments.
Organize evidence for an SAQ or a QSA-led ROC depending on your level.
Public, high-level control or requirement areas — for orientation, not a complete control list.
PCI DSS shares controls with frameworks you may already run. A passing test can satisfy requirements in more than one place — so adding the next framework means reusing work, not repeating it.
PCI DSS v4.0 is the current major version; it added a customized-approach option alongside the defined approach.
A Self-Assessment Questionnaire is used by lower-volume entities; a Report on Compliance by a Qualified Security Assessor applies at higher volumes.
Reducing the cardholder data environment scope is usually the most effective way to lower both effort and risk.