PCI DSS compliance software for merchants and service providers.
PCI DSS v4.0 pre-loaded with the 12 requirements, customised approach support, scope-and-segmentation register, quarterly ASV scan tracker, annual penetration-test cadence. From €29 a month.
What is PCI DSS?
PCI DSS v4.0 is the Payment Card Industry Data Security Standard. It applies to merchants, service providers, payment processors and any organisation that stores, processes or transmits cardholder data: e-commerce, payment platforms, fintech, hospitality, healthcare with on-site card payments.
Who needs to comply
- E-commerce merchants accepting card payments online
- SaaS platforms with embedded payment flows (often Level 4 or service-provider scope)
- Payment service providers, ISVs, payment facilitators
- Hospitality and retail with on-site card terminals
- Healthcare providers with on-site card payments
Key PCI DSS controls covered by Dazr
What auditors look for
PCI DSS assessors sample evidence across the 12 requirements over the audit period: quarterly ASV scans actually ran, annual penetration tests happened, segmentation is provably effective, access reviews were performed, change management was followed. Dazr is the system of record.
How Dazr helps with PCI DSS
- Hold the scope-and-segmentation register with CDE asset list and segmentation evidence
- Track quarterly ASV scans and annual penetration tests as recurring tasks with vendor evidence
- Operate the vendor register for service providers with PCI responsibility matrices
- Run access reviews on cadence with the role and CDE-component scope
- Hand the QSA a read-only view for the RoC sampling, or a single-PDF audit trail
PCI DSS questions, answered.
Does Dazr replace our QSA?
No. The Report on Compliance (RoC) or the Self-Assessment Questionnaire (SAQ) is signed off by your QSA or your own internal team. Dazr is the system of record they sample from.
Do you support the v4.0 customised approach?
Yes. Each requirement supports both the defined approach and the customised approach with the targeted-risk-analysis evidence link.
What about ASV scans and pen tests?
Dazr tracks the cadence (quarterly external scans, annual penetration tests, change-driven scans) and links to the actual scan reports. The scans themselves are run by your ASV / pen-test vendor.
Where is data hosted?
European Union only. AES-256-GCM at rest. Italian entity, EU jurisdiction. Note: Dazr does not store cardholder data; we hold compliance evidence about your CDE.
Ready to start your PCI DSS program?
Free for one user. Pro €29/mo and Enterprise €299/mo are self-serve via Mollie. Custom (from €800/mo) is the only tier on a contract.