What is PCI DSS Compliance?

PCI DSS compliance

The Payment Card Industry Data Security Standard (PCI DSS) helps you protect cardholder details, reduce fraud, and minimize the chances of a data breach resulting from malicious attacks. Complying with the requirements helps you maintain your customer’s trust.

Every year, every business must make sure they comply with PCI DSS by completing one of the official PCI DSS validation documents. There are significant penalties and costs for businesses that don’t comply with the requirements.

Who needs to be compliant?

PCI DSS applies to every business that collects, processes, stores, or transmits cardholder data.

PCI DSS applies also to acquirers and service providers. The use of service providers does not relieve you of the ultimate responsibility for your own PCI DSS compliance. Remember to manage the relationship with the service provider as described in PCI DSS requirement 12.8.

PCI DSS requirements

You outsource most PCI DSS responsibilities to Adyen and reduce your PCI DSS scope when using our encrypted solutions.

However, because you accept credit card payments on your website, app, or physical store, your integration with Adyen doesn’t completely eliminate your PCI DSS scope and responsibilities must be validated annually.

You’re responsible for making sure that cardholder data is secure and protected before the data reaches Adyen. Depending on your integration, you also have to comply with cardholder data storage requirements.

Note: Using service providers does not relieve you of the ultimate responsibility for your own PCI DSS compliance.

Our responsibility

Adyen meets the highest standard of security. We’re a PCI DSS Level 1 Service Provider, with PCI DSS compliance assessed by an independent Qualified Security Assessor (QSA) annually.

Adyen is solely responsible for the security of cardholder data only as soon as Adyen receives the data through the relevant payment interface. After Adyen receives your shoppers' cardholder data, the data is contained in a PCI DSS Level 1 Service Provider Cardholder Data Environment.

Note: A new version of PCI DSS, v4.0, was released on 31st March 2022. We’re working hard in the background to do a full assessment of the new standard. Adyen customers will be informed accordingly of any key changes.