
PCI DSS: Are you taking payment security seriously?

A short introduction to the Payment Card Industry Data Security Standard (PCI DSS) and how it applies to your business or organisation.


Payment card security matters

Unveiled in 2004, the PCI DSS is the result of collaboration between the major credit card brands: American Express, Discover, JCB, Mastercard and Visa. It was developed to encourage and enhance cardholder data security, and to facilitate the broad adoption of consistent data security measures involved in payment card processing.

As a general guideline, any merchant or service provider that stores, processes or transmits cardholder data is required to comply with the Standard.

Although the Standard is technically complex to implement, it is based on common information security practices. Broken down into 6 major security goals with 12 areas of focus, the PCI DSS could impose a possible 288 requirements on your organisation.

As an authorised Qualified Security Assessor (QSA), we can advise on challenging aspects of the PCI DSS. Our cost-effective and customised advisory services provide a tailored route to PCI compliance, scalable to your budget and needs.


Why is compliance important?

If implemented correctly, the PCI DSS can help organisations secure their data. It provides a baseline of security requirements, which lets organisations know what action they should take.

One of the benefits of the PCI DSS is that it provides a detailed action plan that can be applied to organisations of any size or type, and any method of storing payment card data.

Any merchant that breaches the Standard could face serious consequences, including fines, litigation and reputational damage.

Your validation requirements

The exact PCI DSS validation requirements vary depending on the annual number of card transactions processed by the organisation. The three validation activities are:

Quarterly ASV scanning

Yearly self-assessment questionnaire (SAQ)

Annual on-site QSA audit

Which of these apply depends on the organisation's type and transaction volume.

For merchants:

Organisations processing fewer than 6 million card transactions annually

Organisations processing more than 6 million card transactions annually

For service providers:

Organisations processing fewer than 1 million card transactions annually

Organisations processing more than 1 million card transactions annually

Solutions to help pave the way to compliance

PCI consultancy and audit

Our team of QSAs can help your organisation prepare to pass and deliver the annual audit, or help you build a cardholder data environment (CDE) and infrastructure that meets the requirements of the Standard.


SAQ validation and support

For merchants that are permitted to simply complete an SAQ, we can offer an all-inclusive assistance programme that includes expert online consultancy support and advice, PCI policies and procedures, approved quarterly scans, and staff training resources.


Penetration testing

PCI DSS compliance, especially for Reports on Compliance (RoCs) and some SAQs, requires regular internal and external penetration tests. Our CREST-accredited penetration testers can help ensure that your organisation is prepared for the full range of attacks you may face.


ASV scanning

Our HackerGuardian Scanning Service is a vulnerability assessment scanning solution designed to identify vulnerabilities to help achieve and maintain PCI compliance. Administrators have complete control over their scanning service and use a secure online console to schedule and run scans.


Policy and procedure development

Our PCI DSS Documentation Toolkit provides all documentation required by the Standard. Designed by a leading QSA, this toolkit contains expert guidance, advice and all necessary, fully customisable documentation templates you will need to keep your payment card operations running smoothly and securely.


Security awareness training and education

The PCI DSS requires merchants and service providers to implement a formal security awareness programme. IT Governance’s PCI DSS awareness and training courses range from increasing your employees’ knowledge to providing practical coverage of implementing a compliance programme.


Why choose IT Governance for PCI consultancy?

Our services provide a tailored route to PCI compliance, scalable to your budget and needs.


We go further than a simple ‘yes/no’ approach, so that you understand better how your security measures work.

We work in partnership to help you understand what is required and why, giving you control.

We can offer expertise to vet compensating controls and determine whether they are acceptable.

“IT Governance were very professional and pragmatic in their approach, and displayed a level of understanding of our business that we found unique and refreshing.” Damien Everard, COO of Appletree.


Speak to an expert

We have a team of account managers and security consultants to discuss your PCI DSS challenges. For more information, please contact us.