Frequently Asked Question

What impact does the inclusion of UnionPay in PCI DSS documents have on an entity's PCI DSS assessment?

Whether the inclusion of UnionPay in PCI DSS documents impacts an entity's PCI DSS assessment is determined by the PCI SSC Participating Payment Brands (American Express, Discover, JCB International, Mastercard, UnionPay, and Visa). Each Participating Payment Brand currently has their own PCI compliance programs for the protection of their affiliated payment card account data. Entities should always contact their acquirer or the payment brands directly to determine their compliance reporting requirements, including any potential impacts to a PCI DSS assessment. Contact details for the payment brands can be found in FAQ #1142 How do I contact the payment card brands?

PCI DSS v3.2.1 documents have been updated to include UnionPay as a Participating Payment Brand, and UnionPay is now included in both PCI DSS v3.2.1 and v4.0 documents.

Originally published: October 2022
Article Number: 1561

Featured FAQ Articles