PCI Data Security Standard (PCI DSS)

PCI DSS was developed to encourage and enhance payment card account data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect payment account data.

PCI DSS Documents
Read more about the Standard and its supporting documentation in the PCI SSC Document Library.

Intended Audience
Entities that store, process, or transmit cardholder data (CHD) and/or sensitive authentication data (SAD) or could impact the security of the cardholder data environment (CDE). This includes all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers.

Find a PCI SSC qualified assessor:
Qualified Security Assessors (QSAs) are independent security organizations that have been qualified and trained by PCI SSC to perform PCI DSS assessments.
Approved Scanning Vendors (ASVs) are qualified and trained by PCI SSC to conduct external vulnerability scanning services in accordance with the applicable PCI DSS requirement.
Related Training
The Approved Scanning Vendor (ASV) training program, for staff and security personnel of Approved Scanning Vendor companies, is comprised of an in-depth eight-hour online course and exam covering the Payment Card Industry, Payment Card Industry Data Security Standards requirements and scan testing procedures.
Internal Security Assessor (ISA) includes a company-level and individual certification. ISAs receive PCI SSC training to perform internal assessments for their organization and facilitate the consistent implementation of PCI DSS controls.
The Payment Card Industry Professional is an individual, entry-level certification in payment security information and provides you with the understanding to help your organization build a secure payment environment. Becoming a PCIP demonstrates a level of understanding that can provide a strong foundation for a career in the payments security industry.
Qualified Security Assessor (QSA) companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS.
Whether an entity is required to comply with or validate compliance to a PCI SSC standard is at the discretion of organizations that manage compliance programs, such as a payment brand, acquirer, or other entity. Visit our FAQ page for more information.