Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard that regulates how entities store, process, and transmit cardholder data (CHD) and/or sensitive authentication data (SAD). Cardholder data refers to information including Primary Account Numbers (PAN), cardholder names, expiration dates, and service codes. Sensitive authentication data refers to information including "full track data (magnetic-stripe data or equivalent on a chip)," card verification codes, and PINs/PIN blocks. The standard is administered by the Payment Card Industry Security Standards Council, and its use is mandated by the card brands. It was created to better control cardholder data and reduce credit card fraud. Validation of compliance is performed annually or quarterly with a method suited to the volume of transactions:
Before the PCI DSS was launched, payment card information security was handled by the major payment card brands. They had five different security programs:
The intentions of each were roughly similar: to create an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they handle payment cards and related account information. As payment card fraud rose in the late 1990s and early 2000s, the major payment card brands felt a growing need to streamline and unify these information security standards. To address interoperability problems among the existing standards, the combined effort by the principal credit-card organizations resulted in the release of version 1.0 of PCI DSS in December 2004. PCI DSS has been implemented and followed worldwide.
The Payment Card Industry Security Standards Council (PCI SSC) was then formed, and these companies aligned their policies to create the PCI DSS. MasterCard, American Express, Visa, JCB International and Discover Financial Services established the PCI SSC in September 2006 as an administrative and governing entity which mandates the evolution and development of the PCI DSS. Independent private organizations can participate in PCI development after they register. Each participating organization joins a SIG (Special Interest Group) and contributes to activities mandated by the group. The following versions of the PCI DSS have been made available:
The PCI DSS has twelve requirements for compliance, organized into six related groups known as control objectives:
Each PCI DSS version has divided these six requirement groups differently, but the twelve requirements have not changed since the inception of the standard. Each requirement and sub-requirement is divided into three sections:
In version 4.0.1 of the PCI DSS, the twelve requirements are:
The PCI SSC has released supplemental information to clarify requirements, which includes: