That's right; we now support PCI DSS — also known as Payment Card Industry Data Security Standard—which was created by VISA, AmEx, MasterCard, and Discover to increase cardholder data controls and secure credit and debit card transactions against fraud and data theft.

If you're a merchant who accepts or processes payment cards, you must comply with PCI DSS. But don't worry, Strike Graph is here to help — whether you’re self-assessing or getting an external assessment.

We can provide support on your PCI DSS journey by helping you complete a Self Assessment Questionnaire using the Strike Graph interface, providing a Gap Assessment, completing audits for Level 1 businesses with a QSA, and submitting your report.

Here's what our CEO and co-founder Justin Beals has to say:

“We're excited to offer support for PCI DSS due to an increase in market demand from our customers. This new certification is a crucial step to protect customer data—whether you're a startup or large enterprise company."

What is PCI DSS?

At its most basic, PCI DSS is a set of mandatory technical and operational requirements for any merchant that stores, processes, or transmits cardholder data.

We're currently on Version 3.2, but Version 4 will be released later in 2022—although it won't be ‘assessed’ until late 2023. This means if your business complies with version v3.2.1 now, it will remain active for two years after v4.0 is published, or until 2024.

PCI DSS and SOC 2

If you already comply with another framework, such as SOC 2, HIPAA, or ISO 27001, you are able to leverage the controls and evidence items from these to make PCI DSS compliance more efficient.

That's because, with the Strike Graph Control Library, SOC 2 and PCI requirements share controls and evidence items. In fact, 60% of PCI controls are also covered by SOC 2 controls.