Compliance & Frameworks
PCI-DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements mandated by the card brands (Visa, Mastercard, American Express, Discover, JCB) and enforced through acquiring banks for any organization that stores, processes, or transmits cardholder data. It is a contractual obligation, not a law. Requirements include network security controls (firewalls) around the cardholder data environment, rendering stored primary account numbers unreadable (encryption, truncation, tokenization, or hashing), strong cryptography for cardholder data sent over open public networks, multi-factor authentication for access to the cardholder data environment, and quarterly external vulnerability scans by an Approved Scanning Vendor (ASV). Non-compliance can result in fines passed down from the card brands through the acquirer, higher transaction fees, and loss of the ability to process card payments. Version 4.0, released in March 2022 (v3.2.1 was retired in March 2024), added a customized-approach option, targeted risk analyses for choosing control frequencies, and expanded MFA coverage to all access into the cardholder data environment; its future-dated requirements became mandatory on 31 March 2025.
Why it matters for your website
- Required by the card brands and your acquirer for any site that stores, processes, or transmits cardholder data, and often demanded by enterprise customers and regulated industries as a condition of doing business
- Non-compliance can result in fines, loss of contracts, loss of payment processing, or reputational damage
- Validation (an Attestation of Compliance backed by a QSA-led Report on Compliance, or a Self-Assessment Questionnaire for lower-volume merchants) provides third-party or documented evidence of your security posture