Prove you’re PCI compliant now!

Play it safe – for you and your customers.

Make sure that your customers’ sensitive data is adequately protected during payment processing. A data breach or misuse of card data can result in fines, legal proceedings, and a damaged reputation. Unzer can help you comply with the PCI DSS requirements. Check your PCI compliance status now!

How the security standard benefits you

Heightened data security

Your customers’ credit card data is protected against theft throughout payment processing, which reduces the risk of card fraud and identity theft.

Fewer financial losses

Compliance reduces your exposure to fines, legal costs, and claims resulting from a data breach.

Increased customer trust

Demonstrable PCI DSS compliance shows your customers how seriously you take the security of their data, which builds trust.

Unzer PCI compliance check

Is your business PCI compliant? Provide the required proof – in 3 steps.

As a merchant, you are required to provide regular proof of compliance with the PCI DSS security standard. As a payment service provider, we’re also required to ensure that the merchants we process payments for are PCI compliant. Our compliance check is there to help you determine your PCI compliance status. Here’s how it works:

Guide:

1. Register on the Unzer PCI DSS Platform

We'll send you a personal link so you can register at https://pci.unzer.com. Fill out the registration form with your company information. We need this information to provide you with the self-assessment questionnaire that’s right for you.

2. Fill out your self-assessment questionnaire (SAQ)

The questionnaire will help you figure out what requirements you still need to meet to become PCI compliant. If you have any questions while filling out the questionnaire, our experts at the PCI DSS Competence Center are happy to help!

3. We inform you of the results

Based on the information you provide in the self-assessment questionnaire, we will determine your compliance status. We’ll let you know if there are any requirements you still have to fulfill in order to become PCI compliant.

What does PCI DSS compliant mean?

The Payment Card Industry Data Security Standard (PCI DSS) is the payment card industry’s security standard for protecting cardholder data. It is maintained by the PCI Security Standards Council, which was founded by the major card brands, including Visa, Mastercard, and American Express. PCI DSS is not a law; it is made binding through the card brands’ rules and your contract with your acquirer or payment service provider, and it applies to every company that accepts card payments and stores, processes, or transmits cardholder data. To be considered PCI DSS compliant, you must demonstrate that you meet the standard’s security requirements.

The security standard

Overview of the 12 main PCI DSS security requirements

  • Install and maintain network security controls (e.g. firewalls).
  • Apply secure configurations to all system components.
  • Protect stored account data.
  • Protect cardholder data with strong cryptography during transmission over open, public networks.
  • Protect all systems and networks from malicious software (e.g. with anti-malware software).
  • Develop and maintain secure systems and software.
  • Restrict access to system components and cardholder data by business need to know.
  • Identify users and authenticate access to system components.
  • Restrict physical access to cardholder data.
  • Log and monitor all access to system components and cardholder data.
  • Test the security of systems and networks regularly.
  • Support information security with organizational policies and programs that all employees observe and follow.

Criteria for PCI compliance

Specific requirements by merchant category

The specific validation requirements that your business must meet depend on several factors, above all the number of card transactions you process per year (which determines your merchant level with each card brand), your sales channels (e.g. e-commerce, point of sale, mail/telephone order), how your payment integration is set up, your company size, and your risk profile.

FAQ

FAQs on PCI DSS compliance

Who does the security standard apply to?

Everyone who stores, processes, and/or transmits card data must comply with the PCI DSS security requirements, regardless of the size of the organization, merchant or service provider status, and the volume of card transactions. PCI DSS applies to more than digital data: companies must also protect payment card and cardholder data that is physically recorded on paper. Organizations that outsource the destruction of such data to third-party service providers must ensure that these subcontractors are also PCI DSS compliant.

What if I don’t comply with the security standard?

If you fail to comply with PCI DSS, you face serious consequences in the event of a security breach. The card brands and your acquirer can impose fines that can reach six figures, and legal costs can be substantially higher. If Level 2-to-4 merchants and service providers fall victim to a security breach, the card brands may reclassify them as Level 1 (see “Specific requirements by merchant category” above). Level 1 entails higher costs, because more in-depth compliance assessments are required. What’s more, breaches that go public can cause lasting damage to a company’s reputation and erode customer confidence, with a corresponding loss of business.

What is the self-assessment questionnaire (SAQ) for?

This online questionnaire is a self-reporting tool used to assess compliance with the PCI DSS requirements. The technical and organizational measures a business has put in place to comply with the standard must be assessed annually. The SAQ covers the security controls currently in place in the company’s cardholder data environment, and the completed questionnaire documents your compliance status.

What different questionnaires (SAQ versions) are there?

Depending on your integration type, one of the below SAQ versions will be relevant for your company. As part of our compliance check, Unzer will automatically provide you with the right questionnaire.

SAQ A
Integration type with Unzer: Payment pages, plug-ins, UI components
Definition: Applicable to card-not-present merchants whose cardholder data functions are completely outsourced to a validated (PCI DSS compliant) payment processor. Eligible e-commerce implementations: the merchant website is entirely hosted and administered by a compliant third-party payment processor, or it embeds an iframe served by a PCI DSS compliant third-party payment processor, or it contains a URL link that redirects consumers from the merchant website to a PCI DSS compliant payment processor.

SAQ A-EP
Definition: Applicable to e-commerce merchants that outsource all payment processing to validated (PCI DSS compliant) third-party providers and have one or more websites that do not directly receive cardholder data but may impact the security of the payment transaction. SAQ A-EP merchants do not electronically store, process, or transmit cardholder data on their systems or premises. Applicable to e-commerce channels only.

SAQ C-VT
Integration type with Unzer: Virtual Terminal (MOTO)
Definition: Applicable to merchants who process cardholder data only via web-based virtual terminals and do not electronically store cardholder data.

SAQ D
Integration type with Unzer: Server-side integration
Definition: Applicable to all other merchants not covered by any of the above SAQs, and to all service providers defined by a payment brand as eligible to complete an SAQ.