What is PCI DSS?
PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process or transmit cardholder data – with requirements for software developers and manufacturers of applications and devices used in those transactions. The Council is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB, MasterCard and Visa Inc.
PCI Data Security Standard (PCI DSS) is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data and/or sensitive authentication data. It consists of steps that mirror security best practices.
The goal of the PCI DSS is to protect cardholder data and sensitive authentication data wherever it is processed, stored or transmitted.
Who is Required to Comply with the PCI DSS?
The PCI DSS applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. If a person or entity accepts or processes payment cards, PCI DSS applies to that person or entity.
What are the Goals and Requirements of the PCI DSS?
The PCI DSS v3.2.1 outlines six major goals as follows:
and contains twelve major requirements, in addition to 79+ sub-requirements, as in the following:
Don’t try to manage it all alone! Linqs has extensive experience in compliance with the PCI DSS requirements.
We can assist you with training and with policy and procedure development, and help you implement an information security management system that complies with the PCI DSS requirements.