Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) is a Global Card Scheme initiative. It aims to ensure that every entity that handles, stores or processes cardholder data does so in a secure way.


  • Combines the security standards for cardholder data at Mastercard and Visa

  • Is endorsed by American Express, JCB and Diners Club

A major focus for PCI DSS is the technology that is used to collect, store and process card data. This makes PCI DSS compliance particularly important for merchants operating the Direct integration model, who collect and store payment details on their own systems.

The levels of PCI DSS depend on:

  • The number of transactions you process, per card scheme, in each of your channels (such as eCommerce, point of sale, MOTO)

  • The way you integrate with us

Your integration with us involves these relative levels of PCI DSS:

In the Hosted integration model, Worldpay is principally responsible for the collection, storage and processing of cardholder data. This helps to reduce your costs for implementing the security measures needed for full PCI DSS compliance. For further details, talk to your Relationship Manager. Note that Worldpay is not the assessor - you must get your own level of PCI DSS compliance assessed independently.

For more information about PCI DSS, including its hardware and software standards, see the PCI Security Standards website. To help you comply with PCI DSS, the PCI Security Standards website also lists PCI-approved Quality Security Assessors (QSAs), who can advise on your system’s security (a chargeable service). Worldpay is not responsible for the content or operation of external websites.