PCI-DSS v4.0

PCI-DSS — Payment Card Data Protection

We help companies achieve PCI-DSS compliance. From scope assessment through controls implementation to audit preparation.

What is PCI-DSS?

The Payment Card Industry Data Security Standard (PCI-DSS) is a security standard for payment card data. It applies to every company that stores, processes or transmits cardholder data. Non-compliance means financial penalties, loss of card acceptance capability and liability for data breaches.

SAQ vs ROC — which audit do you need?

The Self-Assessment Questionnaire (SAQ) is a self-validation option for smaller merchants. The Report on Compliance (ROC) is a full audit conducted by a Qualified Security Assessor (QSA) and is required for large entities (Level 1). We help determine the right validation level and prepare your company for it.

FAQ — PCI-DSS

Every company that accepts, processes, stores or transmits payment card data. This includes e-commerce, brick-and-mortar stores, payment service providers and SaaS companies that handle payments.

A typical project takes 4-8 months, depending on the current compliance level and the complexity of the cardholder data environment.

The SAQ (Self-Assessment Questionnaire) is a self-validation option for smaller merchants. The ROC (Report on Compliance) is a full compliance report required for Level 1, conducted by a certified QSA.

Fines can range from 5,000 to 100,000 USD per month, imposed by the card brands. Additionally, the company may lose its card acceptance capability and bear the costs of a data breach.

Yes, but the scope is narrower. If you use tokenisation and do not store card data, you qualify for the simplified SAQ-A. We help determine the right scope.

Ready to talk?

Book a free 30-minute consultation

PCI-DSS — Payment Card Data Protection | RedMoon