
Payment Card Security

Category: Cyber Security Standards

PCI Data Security Standard (DSS) 3.2 is a specification mandated by the major payment card brands and administered by the PCI Security Standards Council (SSC). It was created to strengthen the security controls around the storage, processing and transmission of cardholder data, with the aim of reducing payment card fraud.


Specification


Cardholder Data Environment


Payment Card Industry Compliance

PCI DSS provides a baseline of technical and operational requirements designed to protect account data, and applies to all business entities involved in payment card processing — merchants, acquirers, issuers and service providers.

Vulnerabilities can appear almost anywhere in the card-processing ecosystem: in merchant systems themselves, and in the systems operated by the financial institutions (acquirers) that establish and maintain the relationships with merchants accepting payment cards.

Compliance with the PCI DSS helps to mitigate these vulnerabilities and reduce the risk of compromise of payment transactions. The standard lists the requirements that apply to every party that stores, processes or transmits cardholder data or sensitive authentication data (such as full track data, card verification codes and PINs).

The card brands require PCI DSS compliance to be validated annually: large merchants (those with the highest transaction volumes) are assessed on site by an external Qualified Security Assessor (QSA), while companies handling smaller card transaction volumes validate through an internal self-assessment using the appropriate Self-Assessment Questionnaire (SAQ). In addition, entities with Internet-facing systems in scope must have quarterly external vulnerability scans performed by an Approved Scanning Vendor (ASV).

PCI standards