PCI DSS: Payment Card Security: does it apply to you?
Payment Card Industry Data Security Standard (PCI DSS v4.0)
When this applies
Any business that accepts card payments must comply with PCI DSS. If you use a hosted payment provider (Stripe, Square, PayPal), your scope is minimal, but you still need to complete an annual Self-Assessment Questionnaire via your acquirer.
When it does not apply
PCI DSS applies only to businesses that accept, process, or store card payment data.
What is at stake
Card scheme fines, bank penalties, and liability for fraudulent transactions if non-compliant. Breaches can result in losing the ability to accept card payments.
What to do
Complete your annual PCI DSS Self-Assessment Questionnaire (SAQ) via your payment provider. Using Stripe, Square, or similar hosted solutions significantly reduces your PCI scope.
Check all 27 regulations for your business
This is one of 27 checks getsorted runs. Answer around 12 questions and see your full compliance picture in three minutes. Free, no account.
Check your business →Reviewed: 2026-06-25 · Source: official guidance