
PCI DSS certification vs PCI DSS compliance: What’s the difference?

When buying goods or services, you deserve the assurance that the merchant or vendor you buy from will take every possible measure to safeguard your bank details and financial information. PCI DSS certification gives consumers the firm reassurance that payment information is kept secure every step of the purchase process.

Payment Card Industry Data Security Standard (PCI DSS) is a set of standards that all businesses that process, transmit or store cardholder data must adhere to in order to keep payment information secure. The standards were set out by the Security Standards Council, which is comprised of founder members American Express, Visa, MasterCard, and JCB Co., Ltd.

Businesses in breach of these standards could face serious consequences. While PCI DSS compliance isn’t technically a legal requirement, it is enforced through contractual agreements between merchants and their bank or card issuers. Not adhering to the standards could result in fines, legal proceedings and higher fees for accepting card payments. It could even result in a ban on accepting card payments altogether. If non-compliance results in a data breach, there could also be additional fines from the Information Commissioner’s Office. There are also secondary impacts to think of, such as loss of customer trust and reputational damage.

There are notable differences between PCI DSS compliance and PCI DSS certification.

We highlight the main differences in the table below.

PCI DSS compliance vs. PCI DSS certification

PCI DSS compliance                                                  | PCI DSS certification
--------------------------------------------------------------------|-------------------------------------------
Self-assessed                                                       | Assessed by a Qualified Security Assessor
Typically takes less than one month to complete a self-assessment   | Can take up to 6 months for a full audit
A claim of compliance                                               | Provides proof of compliance

As you can see from the table above, PCI DSS compliance relies heavily on the capability of internal teams to self-audit complex payment information protection systems. PCI DSS certification, on the other hand, provides a thorough and unbiased audit as proof of compliance. While the criteria for both assessments are mostly the same, the certification process gives concrete proof that the company being audited is taking all measures to protect payment information. With self-assessed compliance, the self-certification process is much less thorough and relies on consumer trust: you simply have to take the company at its word that its own auditing measures are adequate. There is no proof.

Shred Station is a certified PCI DSS Level 1 Service Provider, which is the highest level of certification available. Our PCI DSS certification, viewable on our accreditations page, gives our customers total reassurance that their payment information is treated with the highest levels of protection.

We recommend all customers look for PCI DSS certification rather than compliance when buying goods or services from any business.