PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) applies to any organization that stores, processes, or transmits cardholder data. PCI DSS v4.0.1, the current version, introduced significant changes including customized validation approaches, targeted risk analyses, and new requirements for authentication, encryption, and security awareness. Whether you are completing a Self-Assessment Questionnaire (SAQ) or preparing for a Report on Compliance (ROC) with a Qualified Security Assessor (QSA), the requirements are detailed and enforcement is real.

Top Floor performs gap assessments against PCI DSS v4.0.1, identifies your cardholder data environment (CDE) boundary, and builds a remediation roadmap that addresses findings by priority and implementation effort. We help you reduce your CDE scope through network segmentation, tokenization, and architecture decisions that minimize the number of systems in scope.

Several requirements that were previously designated as best practices became mandatory on March 31, 2025, and are now in full effect. Organizations that have not addressed them are subject to findings during assessments. We identify any gaps against these now-mandatory requirements and prioritize remediation accordingly.

Frameworks: PCI DSS v4.0.1, PCI Software Security Framework (SSF), PCI PIN Security