
The Art of CTO PCI DSS Checker assesses payment card industry compliance across all 12 PCI DSS requirements for organizations that store, process, or transmit cardholder data.

Frequently Asked Questions

What are the 12 PCI DSS requirements?

The 12 PCI DSS requirements cover: installing and maintaining network security controls (firewalls), not using vendor-supplied defaults, protecting stored account data, encrypting cardholder data in transit over open public networks, protecting systems against malware, developing and maintaining secure systems and software, restricting access to cardholder data by business need to know, identifying users and authenticating access to system components, restricting physical access to cardholder data, logging and monitoring all access to system components and cardholder data, regularly testing the security of systems and networks, and maintaining an information security policy and program. PCI DSS 4.0 keeps the same 12 high-level requirements but rewords them as technology-neutral security outcomes (Requirement 1, for example, now covers network security controls rather than only firewalls), and alongside the traditional defined approach it adds a customized approach in which an organization may meet a requirement's stated objective with controls of its own design, subject to assessor validation. PCI DSS v3.2.1 was retired on 31 March 2024, and the requirements that 4.0 introduced as future-dated best practices became mandatory on 31 March 2025.

Does PCI DSS apply if we use Stripe or a payment processor?

Yes, but your scope is dramatically reduced. With a PCI-compliant processor such as Stripe, the card number is captured by the processor's hosted page, iframe, or client-side library and never reaches your servers, so the Self-Assessment Questionnaire (SAQ) you are eligible for shrinks accordingly. Which SAQ depends on how the payment page is delivered: SAQ A, the shortest, applies when card capture is fully outsourced, for example a redirect to a hosted checkout page or card fields served inside an iframe from the processor (Stripe Checkout and Stripe Elements follow this pattern); SAQ A-EP applies when your own web page influences how cardholder data is collected or redirected, for example a form on your domain that posts card fields directly to the processor instead of loading them in a processor-served iframe, and it carries considerably more requirements, including quarterly external vulnerability scans by an Approved Scanning Vendor. The SAQ type is separate from your merchant level, which is set by annual transaction volume and determines whether a self-assessment suffices or a QSA-led Report on Compliance is required. In either case you must complete the SAQ annually, serve payment pages over TLS, and keep basic security controls in place. The key is ensuring that no cardholder data is logged, cached, or stored anywhere in your infrastructure: a single debug log that captures a raw card form pulls that system, and everything connected to it, back into scope.