
PCI DSS Compliance & Certification

Payment Card Industry Data Security Standard

As a Qualified Security Assessor (QSA) company registered with the PCI Security Standards Council (SSC) and empaneled by CERT-In, we facilitate end-to-end PCI audits, certification and training for organisations to become PCI DSS compliant.


About Payment Card Industry (PCI) Data Security Standards - PCI DSS Certification


To ensure payment card information is not compromised and provide all parties involved with the best possible protection against data misuse, credit card schemes have introduced a safety standard for the handling of payment card and transaction information. This standard, known as Payment Card Industry Data Security Standard or PCI DSS, applies equally to banks (issuers and acquirers), payment service providers, hosting providers, merchants, and payment application providers. Compliance with these PCI DSS standards is verified at regular intervals. Parties who cannot furnish proof of PCI DSS certification are not permitted to process payment card information.

We offer comprehensive advice, preparation, auditing, and verification of your security measures, thereby supporting you in all requirements for PCI DSS certification. If you meet the PCI DSS standards, as an accredited certification body we can supply you with the TÜV SÜD certification mark and all evidence required by the credit-card schemes.


What is PCI certification?


The PCI standards define technical and organizational requirements for the storage, processing, and transfer of cardholder information. These standards apply to all parties involved in payment-card processing. The PCI standard also applies to organizations involved in the operation or provision of infrastructure, data centers, and other security-relevant components. For PCI conformity, organizations must fulfill certain criteria and thus provide appropriate evidence.

We differentiate between PCI DSS and PA DSS certification, with the latter applying exclusively to manufacturers of payment software (Payment Application Data Security Standard).

PCI DSS Certification Requirements at a Glance

PCI certification requirements are laid down in a standard comprising 12 clauses. To establish a relationship of mutual trust with customers and merchants, all these requirements must be observed and verified at regular intervals. The individual PCI requirements are:

  • Installation and maintenance of a firewall configuration to protect cardholder data
  • No vendor-supplied defaults for system passwords and other security parameters may be used
  • Stored cardholder data must be protected
  • Cardholder data and other sensitive information must be encrypted for transmission across open, public networks
  • Antivirus programs must be used and regularly updated
  • Secure systems and applications must be developed and maintained
  • Access to cardholder data must be restricted according to the need-to-know principle
  • All individuals with computer access must be assigned clear user authentication
  • Physical access to cardholder data must be restricted
  • Comprehensive tracking and monitoring of all access to cardholder data and network resources
  • System and process security must be regularly tested

TÜV SÜD Services: PCI certification and compliance


To ensure you can always work in conformity with the PCI standard and benefit from the highest security measures, we offer the necessary solutions for PCI DSS or PA DSS certification and a number of additional benefits. Selected services include:

  • Technical advisory for all issues and steps of PCI DSS compliance
  • Seminars, training and workshops
  • Compliance portal for merchants, service providers, and acquirers to provide efficient evidence of compliance with the requirements
  • On-site audits carried out by a qualified security assessor (QSA)
  • Vulnerability scans performed by an approved scanning vendor (ASV)
  • Awareness training (eLearning)
  • Support with completing the PCI Self-Assessment Questionnaire (SAQ)
  • TÜV SÜD certification mark for certified organizations 

Why choose TÜV SÜD for PCI DSS Compliance & Certification?


Our solutions cover all PCI DSS standards, supporting you on your way to PCI certification. Contributing our know-how in the auditing of information security and our experience in the payment-card industry, we guarantee that you are on the safe side in matters of payment security. Our comprehensive services enable you to implement effective security systems.

Our references in the finance and payment industry, among banks, commerce, and e-commerce, demonstrate our extensive experience in payment security.

As the relevant industry standard, the PCI DSS standard also supports all organizations that process payment cards, helping them to reach compliance with the relevant GDPR requirements.


Our accreditations with the PCI Council


Our accreditations with the PCI Security Standards Council and the payment card schemes authorize us to assist you with all aspects of reaching PCI certification and to issue the PCI certificate.

