PCI-DSS (Payment Card Industry Data Security Standard) is a set of
security standards designed to ensure that all companies that accept,
process, store or transmit credit card information maintain a secure
environment. The PCI-DSS standards were created by major credit card
companies such as Visa, MasterCard, American Express and Discover to
protect sensitive cardholder data and reduce the risk of credit card fraud.
The PCI-DSS standards include 12 requirements that are grouped into six categories:

  1. Build and Maintain a Secure Network: This includes requirements
    for firewalls, secure routers and other network devices.
  2. Protect Cardholder Data: This includes requirements for protecting
    sensitive cardholder data, such as encryption, access controls and
    data backup.
  3. Maintain a Vulnerability Management Program: This includes
    requirements for identifying and mitigating security vulnerabilities.
  4. Implement Strong Access Control Measures: This includes
    requirements for controlling access to cardholder data and
    monitoring system activity.
  5. Regularly Monitor and Test Networks: This includes requirements for
    monitoring network activity and testing security controls.
  6. Maintain an Information Security Policy: This includes requirements
    for developing and maintaining a comprehensive security policy.

Organizations that handle credit card information must comply with the
PCI-DSS standards and must demonstrate compliance through regular
assessments by a Qualified Security Assessor (QSA) or Internal Security
Assessor (ISA). PCI-DSS compliance is mandatory for any merchant who
accepts credit card payments, and non-compliance can lead to hefty fines
and penalties. Non-compliance can also lead to loss of trust from
customers and business partners. Organizations are expected to maintain
compliance on an ongoing basis.