
Does PCI DSS apply to me?

The PCI DSS applies to you if your organisation stores, processes or transmits cardholder data (including manually processed and stored cardholder information). You might even be accidentally storing cardholder data (e.g. receipts from card machines, or emails that contain cardholder details) in a way the Standard does not allow, which puts you at risk.

PCI DSS compliance applies to your whole cardholder data environment, including any third parties you use that store, process or transmit cardholder data, or that impact the security of cardholder data. These third parties may include the following:

  • Resellers
  • Till vendors
  • EPOS vendors
  • Software application providers
  • Payment service providers
  • Payment processing bureaux
  • Data storage providers
  • Web hosting providers
  • Shopping cart providers
  • Software vendors

You can only achieve compliance if your in-scope third parties are also compliant. You prove the compliance of your third-party suppliers by asking for their compliance certificate and including it in your self-assessment. Read more on third-party compliance.

If you’re choosing which third-party suppliers to use, Visa Europe and Mastercard have independent lists of third-party suppliers which might be useful: