PCI Resource Center

PCI DSS requirements are designed to protect sensitive payment data, but their complexity can be difficult to manage. Whether you’re researching niche questions or PCI basics, this resource page is designed to provide answers to all your PCI questions.

Request a Demo Get the PCI Compliance Guide

PCI DSS Basics

What changes are being made in PCI DSS 4.0?

PCI DSS 4.0 is here, and there are many changes you should be aware of. Learn the important details in this blog post: PCI DSS 4.0: The Seven Change You Need to Know Now.

What is PCI DSS?

Learn all the basics about PCI DSS, and how to become compliant in this blog: PCI DSS 4.0: How to become PCI Compliant.

Who needs to be PCI Compliant?

Any organization that accepts, handles, stores, or transmits cardholder data must be PCI compliant. Learn more in this blog post: Who needs to be PCI Compliant?

What happens if I’m not PCI Compliant?

PCI DSS is a set of regulations, not a law. Even so, noncompliance can have major consequences. Learn about them in this blog: 5 Consequences of PCI Noncompliance.

How do I make PCI Compliance Easier?

The secret to making your next PCI audit a breeze is reducing the scope of your audit. Learn all about reducing your scope in this blog: PCI Descoping: The Ultimate Guide to PCI Compliance.

Customer Stories

Tablet Hotels

Tablet Hotels instantly reduced its PCI footprint and saved tens of thousands of dollars in development costs.

Read the Story

Oklahoma Turnpike Authority

OTA’s PCI Audit took 50% less time for 80% fewer people after their partnership with IXOPAY.

Read the Story

Orvis

Orvis reduced their PCI scope by 90%, significantly reducing their compliance and security efforts with IXOPAY.

Read the Story

Additional PCI Resources

Why is PCI Compliance important?

PCI DSS protects cardholder data from malicious actors looking to steal customer payment information. Learn more about how PCI DSS safeguards against data theft in this blog: How does PCI DSS Protect Cardholder Data?

What kind of support is available for PCI Compliance?

There are many different companies and individuals, like TokenEx, that can reduce the burden of PCI Compliance. Learn about all of the different kinds of support in these blogs:

Is PCI Compliance Important for Online and Mobile Payments?

Online and mobile payments are subject to PCI Compliance, learn more about the requirements in this blog: Why do Online and Mobile Payments Require PCI Compliance?

How do I comply with PCI DSS with Multiple Processors?

Complying with PCI DSS when you use multiple processors can be tricky. Learn more about the process in this blog: Maintaining PCI Compliance when Using Multiple Processors

What are the PCI DSS Requirements for Call Centers?

Call centers that take payment information are subject to PCI DSS. Learn how to achieve call center PCI compliance in this blog: 5 Ways to Achieve Call Center PCI Compliance

What Important PCI DSS Definitions Should I Know?

Here’s a list of some of the top PCI DSS definitions you’ll come across as you dig into the complexities of PCI DSS:

Do you have a checklist to keep track of audits?

Yes! Check out our PCI audit checklist.

Recommended QSAs

Customers frequently ask TokenEx to help with their PCI audit. While TokenEx is the perfect tool to make your PCI audit easier, we suggest these Qualified Security Assessors (QSAs) if you need guidance through your next PCI DSS audit.

Kyte

A-Lign

John Bowman

3FACTOR

Spyro Malaspinas

Truvanits

Jeff Hall

The Ultimate PCI Compliance Guide

Looking for a complete overview of PCI DSS? Download our free PCI DSS Compliance guide here, no email or sign up needed.

Download Now Contact Us

Partner	Name	Description	Duration
IXOPAY GmbH	cookiesConsent	Cookie Banner. Stores your cookie settings.	12 Months
IXOPAY GmbH	_fm	User centric security cookie to detect authentication abuses. Filters out computer/bot generated Website requests.	30 Minutes
Google Ireland Limited	reCAPTCHA	User centric security cookie to detect if a human being or a computer is making a specific entry in our contact or newsletter form.	6 Months
Cloudflare Inc.	cf_clearance	Used by Cloudflare (Website Security Network) to identify trusted web traffic, and protect our website against malicious activity (see Cloudflare's Cookie Informations).	30 minutes

Partner	Name	Description	Duration
Google Ireland Limited	_ga	Analytical cookie set by the service Google Analytics used to distinguish visitors. Collects data about number of visits and user journey.	2 years
Google Ireland Limited	_gid	Analytical cookie set by the service Google Analytics used to distinguish visitors. Collects data about number of visits and user journey.	24 h
Google Ireland Limited	_gat_ua-keynumber	Analytical cookie set by the service Google Analytics used to throttle the request rate, limiting the collection of data on Websites with high traffic.	Session
Google Ireland Limited	_ga_container-id	Cookie set by the service Google Analytics 4. The cookie is used to persist session state.	12 month
Microsoft Ireland Operations Limited	Clarity	Analytical service capturing your interactions on the Website such as how the page has rendered and what interactions you had on the Website (surfing behavior: mouse movements, clicks, scrolls). Microsoft collects or receives personal data from us to provide Microsoft Advertising (see Microsoft Privacy Statements). Sensitive content such as passwords, usernames, and user input are masked before sending to Microsoft.	12 months
Dealfront Group GmbH	_lfa	Analytical service that collects the visitor IP address to detect corporate visits and their geographic location. Leadfeeder only shows company visits, automatically filtering out all users visiting from residential IP addresses. All visit data is aggregated Dealfront Group GmbH / Analytical service that collects the visitor IP address to detect corporate visits and their geographic location. Dealfront only shows company visits, automatically filtering out all users visiting from residential IP addresses. All visitor data is aggregated on the company level (no reference to natural persons). Via a connection to Google Analytics, Dealfront shows company visitors' interactions on the Website (pages viewed, visitor source and duration of session). Dealfront also enriches that company data with contact data for individuals from publicly available data sources (eg. LinkedIn).	24 months

Partner	Name	Description	Duration
Google Ireland Limited	_gcl_au	Conversion-cookie set by the service Google Ads for assessing advertisement efficiency across our Websites and on websites of our marketing- & advertising partners.	3 months
Google Ireland Limited	_gac_gb_container-id	Cookie which connects Google Analytics und Google Ads. Google Ads website conversion tags will read this cookie.	90 days
Microsoft Ireland Operations Limited	Universal Event Tracking (UET)	Conversion-cookie set by the service Microsoft Advertising for assessing advertisement efficiency across our Websites and on websites of our marketing- & advertising partners. In general, the cookie in the relevant domain and your IP address are passed to Microsoft with every http request and not just via UET.	13 months

PCI Compliance Audits Made Easy

PCI DSS Basics

Customer Stories

Additional PCI Resources

Recommended QSAs

The Ultimate PCI Compliance Guide