Quick Start Glossary: PCI DSS (Payment Card Industry Data Security Standard)

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to protect cardholder data. PCI DSS applies to all organizations that process, store or transmit credit card information.

The PCI DSS Quick Start Glossary provides definitions for key terms used in the PCI DSS.

Access control: Measures that restrict access to cardholder data to only those individuals who need to know it.

Authentication: The process of verifying the identity of a user, device or process.

Encryption: The process of transforming readable data into an unreadable format.

Firewall: A system that controls network traffic between trusted and untrusted networks.

Network segmentation: The process of dividing a network into multiple isolated segments.

Payment Application Data Security Standard (PA-DSS): A set of security requirements for payment applications that store, process or transmit cardholder data.

Penetration testing: A security test that attempts to identify vulnerabilities by simulating an attack.

Risk management: A process for identifying, assessing and managing risks to the security of cardholder data.

Tokenization: The process of replacing sensitive data with a non-sensitive equivalent.

What does the PCI data security standard do?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to protect cardholders' data. The standard is developed and maintained by the Payment Card Industry Security Standards Council (PCI SSC).

PCI DSS applies to all organizations that store, process or transmit cardholder data. The standard is designed to protect cardholder data against unauthorized access, disclosure, use or modification. PCI DSS also requires organizations to maintain a secure environment and to develop and maintain security policies and procedures.

Organizations that are PCI DSS compliant must meet all of the requirements in the standard. PCI DSS compliance is a voluntary process, but many organizations choose to comply in order to protect their customers' data.

What is the current PCI DSS standard?

The current PCI DSS standard is version 3.2, which was released in April 2016. This version includes a number of changes and additions, including new requirements for encryption of cardholder data and for security of point-of-sale devices.

What are the 12 requirements for PCI DSS compliance?

There are 12 requirements for Payment Card Industry Data Security Standard (PCI DSS) compliance. They are:

1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security for all personnel

What is a PCI DSS checklist?

The PCI DSS checklist is a tool used by organizations to assess their compliance with the Payment Card Industry Data Security Standard (PCI DSS). The checklist covers all 12 requirements of the PCI DSS and provides guidance on how to implement each requirement.

How many levels does PCI DSS have?

There are four levels of PCI DSS compliance:

1. Level 1: Organizations that process over 6 million Visa or Mastercard transactions per year.
2. Level 2: Organizations that process 1-6 million Visa or Mastercard transactions per year.
3. Level 3: Organizations that process 20,000-1 million Visa or Mastercard transactions per year.
4. Level 4: Organizations that process fewer than 20,000 Visa or Mastercard transactions per year, or e-commerce merchants that have not yet reached the processing volume required for Level 3 compliance.