PCI DSS v4.0

PCI DSS — Payment Card Security

PCI DSS v4.0 compliance in Portugal. Mandatory for merchants and payment processors. Gap analysis, QSA audit preparation, remediation support. Request a free quote.

Request a quote → ✉ info@bcert.org

PCI DSS — key benefits

Internationally recognised in 100+ countries via IAF MLA-registered partners

Required by EU, UK and US government procurement

Supports NIS2, DORA and GDPR compliance frameworks

Expert bilingual team (EN/PT) with proprietary BALTUM tools

Competitive, predictable pricing with fixed-milestone project plan

IAF-registered certificates

All PCI DSS certificates issued via BALTUM's partner network are registered in the IAF MLA (International Accreditation Forum Multilateral Recognition Arrangement) — recognised by accreditation bodies, regulators, and enterprise procurement in 100+ countries.

How BALTUM delivers certification

01

Scoping & gap analysis

Boundary definition, current-state assessment, and tailored project roadmap with fixed milestones.

02

Documentation & controls

Policy and procedure development, evidence framework mapped to the standard's control set.

03

Stage 1 & Stage 2 audit

Document review then operational audit, findings report, and formal nonconformity register.

04

Certification & surveillance

Remediation support, certificate issuance via IAF-registered partner, and surveillance planning.

Common questions about PCI DSS

What is PCI DSS?

PCI DSS (Payment Card Industry Data Security Standard) is a mandatory global standard for any organisation that stores, processes, or transmits cardholder data. Required by Visa, Mastercard, American Express, and Discover.

Is PCI DSS required in Portugal?

Yes. Any Portuguese business accepting card payments must comply with PCI DSS, regardless of transaction volume. Non-compliance can result in fines and loss of payment processing rights.

What is a QSA?

A Qualified Security Assessor (QSA) is a PCI SSC-certified auditor who conducts PCI DSS assessments. BALTUM prepares clients for QSA assessments and coordinates with certified QSAs in our partner network.

Who needs it?

PCI DSS (Payment Card Industry Data Security Standard) is a mandatory global standard for any organisation that stores, processes, or transmits cardholder data. Required by Visa, Mastercard, American Express, and Discover.

Expert team. Competitive pricing.

Our team includes qualified lead auditors fluent in English and Portuguese with expertise in information security, AI governance, and privacy. Proprietary BALTUM tools streamline certification — making it cost-competitive and predictable.
