# PCI Compliance

Xplor Pay prioritizes Payment Card Industry Data Security Standard (PCI DSS) compliance to protect payment data across all transaction channels—online, in-store, or mobile. We provide merchants and software partners with tools to meet regulatory requirements efficiently.

## What is PCI DSS?

PCI DSS is a set of security standards designed to protect cardholder information during processing, storage, and transmission. Compliance with PCI DSS is crucial for:

* **Preventing Data Breaches:** Protects your business and customers from data theft and fraud.
* **Reducing Financial Risks:** Helps minimize the financial losses and penalties linked to security breaches.
* **Building Customer Trust:** Demonstrates your commitment to securing sensitive payment data.

## Who needs to comply?

* **Merchants:** Any business that accepts payment cards must follow PCI DSS requirements to protect cardholder data.
* **Software Vendors:** Businesses that develop and sell software involved in payment transactions must comply with:
  * PCI DSS requirements
  * Software Security Framework (SSF) guidelines for secure coding practices and data protection

These complementary standards work together to protect payment information and the software vendors who integrate payment capabilities into their products.

For more information on which of the PCI standards apply to you, see [Who Needs to be PCI Compliant?](https://xplorpay.com/insights/pci-compliance/)

## Reduce compliance complexity

While PCI DSS compliance is mandatory, additional security measures can simplify the process and strengthen your data protection strategy.

Our multi-layered security approach helps merchants and software vendors improve data protection, simplify PCI compliance, and reduce the risk of security incidents. Key solutions include:

* [**Tokenization**](/getting-started/security-solutions/tokenization.md)**:** Replaces sensitive payment data with randomly generated tokens, reducing the risk of data exposure.
* [**PCI-Validated Point-to-Point Encryption (P2PE)**](/getting-started/security-solutions/encryption.md#pci-validated-point-to-point-encryption-p2pe)**:** Encrypts card data at the point of entry to protect information during transmission.
* [**Cloud EMV**](/guides/cloud-emv.md)**:** Processes sensitive card data outside your software environment, removing your application from PCI DSS scope and minimizing compliance efforts.

For more information about PCI DSS Compliance, see:

* [What is PCI DSS Compliance?](https://xplorpay.com/insights/pci-dss-compliance/)
* [What are the PCI Standards & Programs?](https://xplorpay.com/insights/pci-data-security-standards/)
* [What's New With PCI DSS 3.2?](https://xplorpay.com/insights/pci-dss-3-2/)
* [Security Best Practices](https://xplorpay.com/insights/security-best-practices/)

