getsorted.Check your business
§ Guide

PCI DSS: Payment Card Security: does it apply to you?

Payment Card Industry Data Security Standard (PCI DSS v4.0)

When this applies

Any business that accepts card payments must comply with PCI DSS. If you use a hosted payment provider (Stripe, Square, PayPal), your scope is minimal, but you still need to complete an annual Self-Assessment Questionnaire via your acquirer.

When it does not apply

PCI DSS applies only to businesses that accept, process, or store card payment data.

What is at stake

Card scheme fines, bank penalties, and liability for fraudulent transactions if non-compliant. Breaches can result in losing the ability to accept card payments.

What to do

Complete your annual PCI DSS Self-Assessment Questionnaire (SAQ) via your payment provider. Using Stripe, Square, or similar hosted solutions significantly reduces your PCI scope.

Check all 27 regulations for your business

This is one of 27 checks getsorted runs. Answer around 12 questions and see your full compliance picture in three minutes. Free, no account.

Check your business →

Reviewed: 2026-06-25  ·  Source: official guidance