Regulation

PCI DSS

The Payment Card Industry Data Security Standard, the scheme-mandated framework for handling cardholder data.

PCI DSS sets controls for any system that stores, processes, or transmits card data. Compliance is assessed at one of four levels by transaction volume. Most merchants minimise scope by tokenising via a PSP-hosted page or iframe so PANs never touch their servers.

Related terms

Tokenisation

Replacing sensitive card data with a non-sensitive surrogate value that can be stored and reused without PCI scope.

Card vault

A PCI-DSS-compliant store of tokenised card credentials that lets a merchant charge a card again without holding the PAN.

Get started

Ready for velocity?

Tell us about your business. We'll match you with the right acquiring partners and the right route, typically inside a week.

Apply now Explore the platform