PCI DSS Applicability Information

PCI DSS applies to all entities involved in payment card processing – including merchants, processors, financial institutions, and service providers, as well as all other entities that store, process, or transmit cardholder data and/or sensitive authentication data.

Cardholder data and sensitive authentication data are defined as follows:

PCI Applicability

The primary account number is the defining factor for cardholder data. If cardholder name, service code, and/or expiration date are stored, processed or transmitted with the PAN, or are otherwise present in the cardholder data environment, they must be protected in accordance with applicable PCI DSS requirements.

Course Merchant – PCI Compliance Information

Course Merchant is PCI Compliant. Your PCI Compliance Scope through using Course Merchant is SAQ-A. We are able to provide completed SAQ-A and SAQ-A Attestation of Compliance (AoC) documents if required.

A major requirement of PCI Compliance is security of data and ensuring internal information security policies are fit for purpose. Course Merchant have optionally chosen to become ISO 27001 Information Security Management certified. Our certificate is available upon request.

Please contact us to request our SAQ-A, our Attestation of Compliance or our ISO 27001 Information Security Management certificate.

Further Information

Please see https://www.pcisecuritystandards.org, or visit https://www.pcisecuritystandards.org/document_library for the most recent PCI information.


We're happy to offer focused webinars specific to your requirements.