PCI DSS
Payment Card Industry Data Security Standard (PCI DSS v4.0)
Mandatory security standard for every Canadian business that accepts cards
PCI DSS is a mandatory technical and operational security standard for any organization that stores, processes, or transmits payment card data. Any Canadian merchant — from an e-commerce startup to a national retailer — must comply with PCI DSS. Non-compliance can result in fines, increased transaction fees, and loss of card acceptance privileges.
Who must comply with PCI DSS?
Any merchant or service provider that stores, processes, or transmits cardholder data — regardless of size. Canadian merchants are subject to PCI DSS through their payment processor agreements. E-commerce businesses, restaurants, retailers, and SaaS platforms with in-app payments all must comply.
Key obligations under PCI DSS
Network Security
Install and maintain firewalls, segment your cardholder data environment (CDE) from other networks, and change vendor default passwords.
Protect Cardholder Data
Encrypt cardholder data at rest and in transit. Never store the card verification code (CVV) or full magnetic-stripe data after authorization.
Vulnerability Management
Maintain anti-malware, patch all systems regularly, and conduct quarterly vulnerability scans.
Access Control
Restrict access to cardholder data on a need-to-know basis. Assign unique IDs to every person with computer access.
Monitoring & Testing
Log all access to network resources and cardholder data. Conduct annual penetration testing on your CDE.
Information Security Policy
Maintain a security policy addressing all PCI DSS requirements. Review it annually and communicate it to all staff.
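The "Protect Cardholder Data" and "Monitoring & Testing" obligations above are the ones most often violated by accident: an authorization record gets persisted with its CVV, or a debug log captures a full card number. The following added example (not part of the original page, and not code from any PCI SSC or vendor tool) shows two defender-side checks a merchant can run on its own systems: a redaction step that strips sensitive authentication data before a record is stored, and a log scanner that reports unmasked primary account numbers (PANs) and CVV values. The record field names, the masking format (first 6 and last 4 digits), and the sample log lines are assumptions constructed for the example.

```python
"""Added example: PCI DSS 'protect cardholder data' checks.

1. redact_for_storage(): drop sensitive authentication data (CVV, track data,
   PIN) from an authorization record and keep only a masked PAN.
2. scan_log(): find unmasked, Luhn-valid card numbers and CVV key/value pairs
   in application log lines.

Field names, key/value log conventions and sample data are constructed for
this example; they are not taken from any real system.
"""
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes.
# The look-arounds stop us from slicing a longer digit run into a "card number".
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# "cvv=123" / "cvc: 1234" style pairs (assumed log convention).
CVV_RE = re.compile(r"\b(?:cvv2?|cvc2?|cid)\s*[=:]\s*\d{3,4}\b", re.IGNORECASE)

# Keys holding sensitive authentication data that must never be persisted
# after authorization (assumed record layout).
SAD_KEYS = {"cvv", "cvv2", "cvc", "track1", "track2", "pin", "pin_block"}


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by card numbers; filters out order ids, phone numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first 6 and last 4 digits (a common PCI DSS masking format)."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("not a plausible PAN length")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact_for_storage(record: dict) -> dict:
    """Return a copy that is safe to persist: SAD fields dropped, PAN masked."""
    safe = {k: v for k, v in record.items() if k.lower() not in SAD_KEYS}
    if "pan" in safe:
        safe["pan"] = mask_pan(safe["pan"])
    return safe


def scan_log(lines):
    """Return (line_no, kind, masked_value) for each finding; line_no is 1-based.

    Values are reported masked so the scanner's own output does not become
    another place where cardholder data is stored.
    """
    findings = []
    for no, line in enumerate(lines, start=1):
        for m in PAN_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_valid(digits):
                findings.append((no, "pan", mask_pan(digits)))
        for m in CVV_RE.finditer(line):
            findings.append((no, "cvv", re.sub(r"\d", "*", m.group())))
    return findings


# Constructed sample data. 4111... and 5555... are well-known test card numbers;
# the 16-digit order id is deliberately Luhn-invalid to show the filter working.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z INFO auth ok order=1234567890123456 pan=411111******1111",
    "2024-05-01T10:00:02Z DEBUG raw request: pan=4111 1111 1111 1111 cvv=123",
    "2024-05-01T10:00:03Z INFO refund card=5555555555554444 amount=12.50",
]
AUTH_RECORD = {"pan": "4111111111111111", "cvv": "123", "track2": "<constructed>",
               "amount": "12.50", "auth_code": "A1B2C3"}

if __name__ == "__main__":
    print("stored record:", redact_for_storage(AUTH_RECORD))
    for line_no, kind, value in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: unmasked {kind} -> {value}")
```

Running the block stores only the masked PAN, amount and auth code, and reports line 2 (full PAN and a CVV) and line 3 (full PAN) while ignoring the masked PAN and the non-Luhn order id on line 1. In practice the same scanner can be pointed at log archives, crash dumps and database exports as a cheap pre-check before the quarterly scans and annual penetration test the standard requires.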
Penalties & enforcement
Heartland Payment Systems was fined $145M after a breach affecting 130M cards — the largest at the time
Frameworks that often overlap with PCI DSS
Run a free PCI DSS gap assessment
Answer 47 questions, get a scored gap report, and see exactly what you need to do to comply with PCI DSS — in under 3 hours. Free forever.