
Does PCI DSS apply to me?

The PCI DSS applies to you if your organisation stores, processes or transmits cardholder data (including manually processed and stored cardholder information). You might even be storing cardholder data accidentally (e.g. receipts from card machines, or emails that contain cardholder details) in a way the Standard does not allow, which puts you at risk.

PCI DSS compliance applies to your whole cardholder data environment, including any third parties you use that store, process or transmit cardholder data, or that impact the security of cardholder data. These third parties may include the following:

  • Resellers
  • Till vendors
  • Epos vendors
  • Software application providers
  • Payment service providers
  • Payment processing bureaux
  • Data storage providers
  • Web hosting providers
  • Shopping cart providers
  • Software vendors

You can only achieve compliance if your (in scope) third parties are also compliant. You prove the compliance of your third party suppliers by asking for their compliance certificate and including it in your self-assessment. Read more on third party compliance.

If you're choosing which third party suppliers to use, Visa Europe and Mastercard have independent lists of third party suppliers which might be useful.

Find out more about PCI DSS.
