PCI DSS
Achieve and maintain PCI DSS v4.0.1 compliance, including the requirements mandatory since March 2025.
v4.0.1 Gap Assessment
Including the requirements mandatory since March 2025
Evidence Preparation
SAQ guidance or a QSA-ready package
QSA Engagement
Supported through the formal assessment
Cardholder-Data Experts
Scope and segmentation specialists

What it is
PCI DSS is the global security standard for organisations that store, process or transmit cardholder data, maintained by the PCI Security Standards Council. The current version is PCI DSS v4.0.1, which defines 12 requirements across six control objectives. Segmentation and tokenisation are the biggest levers for cutting both risk and assessment cost.
Who must comply
Any merchant, service provider or processor that handles payment card data: e-commerce, retail, SaaS billing and payment gateways, with the validation level driven by transaction volume.
How IntelligenceX helps
Frequently Asked Questions
PCI DSS v4.0.1, with all future-dated requirements mandatory since 31 March 2025. If your last assessment treated those as best practice, you are out of date and we re-baseline you.
It depends on your merchant or service-provider level. Smaller volumes complete an SAQ, which we guide; higher tiers need a QSA-signed Report on Compliance, which we support.
By keeping cardholder data out of your environment wherever possible: outsource to compliant payment providers, tokenise, and segment networks so only a small, well-defined zone is in scope. We map the data flows first, which routinely moves clients to a simpler SAQ and a fraction of the assessment effort.