PCI DSS

The Payment Card Industry Data Security Standard is a set of security requirements designed to ensure all companies that process, store, or transmit credit card information maintain a secure environment.

Also known as: Payment Card Industry Data Security Standard, PCI Compliance

What is PCI DSS?

PCI DSS (Payment Card Industry Data Security Standard) is a global security standard developed by major card brands (Visa, Mastercard, American Express, Discover, JCB) to protect cardholder data. Any organization that handles payment card data must comply.

The 12 Requirements

Build and Maintain Secure Network

  1. Install and maintain firewall configuration
  2. Don't use vendor-supplied defaults

Protect Cardholder Data

  3. Protect stored cardholder data
  4. Encrypt transmission across open networks

Maintain Vulnerability Management

  5. Protect against malware
  6. Develop secure systems and applications

Implement Strong Access Control

  7. Restrict access on need-to-know basis
  8. Identify and authenticate access
  9. Restrict physical access

Monitor and Test Networks

  10. Track and monitor all access
  11. Regularly test security systems

Maintain Information Security Policy

  12. Maintain security policy for all personnel

Compliance Levels

Level   Transaction Volume      Validation
1       6M+ annually            On-site audit (QSA)
2       1M-6M annually          SAQ
3       20K-1M e-commerce       SAQ
4       <20K e-commerce         SAQ

PCI DSS v4.0 Changes

  • Customized approach option
  • Enhanced authentication requirements
  • Stronger encryption standards
  • Focus on continuous security