Choose another country to see content specific to your location

//Select Country

PCI DSS (Payment Card Industry Data Security Standard) Certification Mark


Certification of technical and organisational measures / Voluntary assessment

Basis for Certification (certification standard):

Payment Card Industry Data Security Standard

Standard owner:

PCI Security Standards Council, LLC.


What does the standard PCI DSS cover?

The standard PCI DSS defines requirements for the areas of an organisation involved in the storage, processing or transfer of payment card data. These requirements include, but are not limited to:

  • The organisation has defined processes suitable for protecting the payment card information processed.
  • The organisation's IT systems have been configured according to the requirements of the PCI DSS standards and are operated accordingly.

  • What does “certification” and/or the issue of a certification mark for PCI DSS by TÜV SÜD Sec-IT GmbH mean?
    • The customer has submitted to voluntary assessment (audit) according to defined criteria (certification standard).
    • A certificate and/or the authorisation to use a certification mark is only issued if the assessment (audit) does not reveal any major nonconformities with the requirements of the certification standard.
    • The certificates and/or certification marks are valid for a restricted period of time. Interested parties can check the validity of individual certificates in the certificate database of TÜV SÜD Sec-IT GmbH.
    • To maintain certificate validity, the certificate holder must annually complete an announced audit with a positive result.
  • How do we audit?

    Independent and qualified experts (auditors) apply the following auditing techniques:

    • Document review
      Evaluation of the organisation’s requirements and/or documentation to ensure the systematic control of all processes relevant for the handling and management of payment card information.

    • On-site-audit:
      Verification in the form of interviews on-site at the customer's premises that the above requirements are effectively implemented in practice.

    • Technical testing:
      Assessment of the configuration of relevant system by performing appropriate random tests if necessary.
  • What is beyond the scope of certification according to PCI DSS?
    • PCI DSS certification does not constitute product certification. Certification thus does not provide any direct statements on the quality of a product or service of the certified customer.
    • Certification according to PCI DSS does not guarantee that the payment card information will not be lost or illegally changed or that such payment card information will be accessible on demand, even though these are key objectives of the PCI DSS standard.


Management System Certification Marks

Explore here our certification marks

Learn More

Next Steps

Select Your Location





Middle East and Africa