PCI-DSS


Short for Payment Card Industry (PCI) Data Security Standard (DSS), PCI DSS is a standard that all organizations, including online retailers, must follow when storing, processing and transmitting their customers' credit card data. The Data Security Standard (DSS) was developed, and is maintained, by the Payment Card Industry Security Standards Council (PCI SSC). To be PCI compliant, companies must use a firewall between the wireless network and their cardholder data environment, use the latest security and authentication standards such as WPA/WPA2, change the default settings for wired privacy keys, and use a network intrusion detection system.

The PCI DSS standard, as of September 2009 (DSS v1.2), includes the following 12 requirements for best security practices:

Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an Information Security Policy
12. Maintain a policy that addresses information security

[Source: PCI Security Standards Council]

The PCI DSS may also be called PCI compliance or PCI requirements.

