Does PCI DSS apply to me?

The PCI DSS standard applies to all entities that store, process or transmit cardholder data. It is not widely understood that the standard applies equally to manual processing and storage of cardholder information and to electronic methods of storage. You may be storing cardholder information (e.g. card receipts from terminals, or emails received that contain cardholder details) in a way the standard does not allow.

Additionally, PCI DSS compliance applies to a merchant’s overall environment, including any third parties used by the merchant that would store, process or transmit cardholder data. These third parties may include the following:

  • Resellers
  • Till vendors
  • EPOS vendors
  • Software Application Providers
  • Payment service providers
  • Payment Processing Bureaux
  • Data Storage Providers
  • Web Hosting Providers
  • Shopping Cart Providers
  • Software Vendors

A merchant can only reach compliance if its ‘in scope’ third parties are also compliant; this can be validated either by obtaining the compliance certificate from the third party or by including the validation in the merchant’s self-assessment.

Visa Europe and MasterCard maintain independent lists of third parties, and you should use these when undertaking your own due diligence on which partners you wish to engage with.

View the Visa Europe Merchant Agent list. 

View the MasterCard Service provider list.
