PCI-DSS

We fully embrace PCI Security Standards Council’s Payment Card Industry Data Security Standard (PCI-DSS) — the globally recognised framework for safeguarding cardholder data and securing payment processing environments. Any organisation that accepts, processes, stores or transmits credit or debit card information must align with PCI-DSS requirements.

What is PCI-DSS?

The Payment Card Industry Data Security Standard (PCI-DSS) is a comprehensive set of security requirements designed to:

  • Protect cardholder data throughout its lifecycle,

  • Ensure secure network and system configurations,

  • Enforce strong access control and authentication,

  • Maintain vulnerability management and monitoring, and

  • Implement ongoing testing and risk assessment procedures. 

PCI-DSS applies to all organisations involved in payment card processing — from merchants and gateways to software platforms handling payment transactions. Compliance is not a one-time task but a continuous commitment to maintaining a secure environment.

What is PCI-DSS 4.0?

PCI DSS 4.0 emphasises security as an ongoing process, moving from periodic checks to continuous monitoring and risk management. Multi-factor authentication is now mandatory as of March 31, 2025, with phishing-resistant methods encouraged, according to the PCI Security Standards Council. Non-compliance with the standard risks:

  • significant financial penalties (fines up to $100k/month),

  • higher transaction fees,

  • severe reputational damage,

  • loss of customer trust, and

  • loss of the ability to process card payments, along with legal action and severe revenue loss from the increased likelihood and cost of data breaches.

PCI-DSS Compliance at ish

Secure Payment Processing

Secure in all ways

ish onCourse is compliant with the most recent PCI DSS 4.0.1 standard and with its proposed updates. Our systems are designed to accept, process, and transmit payment card data in a secure environment that adheres to PCI-DSS principles, including encryption and protection of data in transmission.

Continuous Compliance

Yearly attestation reviews

PCI-DSS is not just about having security controls in place once — it’s about maintaining those controls, validating them regularly, and continuously improving your security posture. This includes routine vulnerability scans, internal reviews, staff training and documented security policies. 

Our commitment to continuous compliance ensures that your business is protected today and into the future.

You may find our Attestation of Compliance (AOC) here.

How to Make Sure You're Compliant

Be prepared to answer the compliance question when you're asked:

To ensure compliance, companies must document and verify that both internal teams and third-party suppliers have completed these steps:

  1. Document and validate scope,

  2. Implement strengthened authentication,

  3. Transition to continuous security monitoring,

  4. Perform targeted risk analyses (TRA),

  5. Enhance testing and maintenance, and

  6. Manage third-party risks. 

The PCI Security Standards Council (PCI SSC) is the primary authority for all compliance documentation and training. Information on what compliance means to you can be found here. Alternatively, you can contact a Qualified Security Assessor (QSA) or consultant.