What is the Payment Card Industry Data Security Standard?

By Marty Paule
Updated: May 17, 2024

The Payment Card Industry Data Security Standard (PCI DSS) is a set of guidelines and best practices that apply to all businesses and other entities that process, transmit, or store credit card data. These guidelines were developed by the PCI Security Standards Council (PCI SSC) and are intended to prevent data leaks and the identity theft and credit card fraud that follow from them. Complying with the PCI DSS involves three ongoing phases: assessing business processes and identifying potential risks, remediating those risks, and reporting compliance efforts to the relevant banks and other credit card issuers.

Paramount in Payment Card Industry Data Security Standard compliance is the creation and maintenance of a secure computer network. A robust firewall must separate cardholder data from external access to the network. Strong system passwords must be used, along with other security measures, at every potential point of network vulnerability. All cardholder data must be securely stored, and when it is transmitted across public networks it must be encrypted. Ongoing measures include the use of anti-virus software and restricting physical and computer access to cardholder data to personnel with a business need to know.

There are numerous tools and services available to assist organizations in dealing with the PCI DSS. While the PCI SSC establishes the standards for PCI compliance, each of the major credit card brands has created its own rules for enforcing those standards and validating compliance with them. Each of these companies offers online and other guidance to organizations that accept their cards. The PCI SSC also operates a program that approves Qualified Security Assessors, who validate compliance with the Payment Card Industry Data Security Standard. For organizations that self-assess their compliance, the PCI SSC provides validation tools called Self-Assessment Questionnaires in several forms, each tailored to a specific business environment.

A key premise in complying with the Payment Card Industry Data Security Standard is to store only the credit card data that is essential to the organization's needs. Stored data should be subject to retention time limits, and transaction authentication data should never be stored. All account numbers and other sensitive data that are transmitted on public networks must be partially masked.
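As an added example (not from this article), the routine below applies the storage rules just described in Python: it validates a primary account number (PAN) with the Luhn checksum, masks it for display or logging so that at most the first six and last four digits remain visible, and strips sensitive authentication data (card verification codes, magnetic-stripe track data, PINs) from a record before it is persisted. The field names and the test card number are constructed for illustration.

```python
import re

# Fields the standard treats as sensitive authentication data: never stored after
# authorization, even encrypted. Names here are constructed for the example.
SENSITIVE_AUTH_FIELDS = {"cvv", "cvc", "cid", "track1", "track2", "pin", "pin_block"}


def luhn_valid(pan: str) -> bool:
    """Luhn checksum: separates a plausible PAN from a random digit string."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Render a PAN for display: first six and last four digits visible, rest masked."""
    digits = re.sub(r"\D", "", pan)   # tolerate spaces or dashes in the input
    if not 13 <= len(digits) <= 19 or not luhn_valid(digits):
        raise ValueError("not a plausible PAN")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scrub_for_storage(record: dict) -> dict:
    """Drop authentication data and mask the PAN before a record is stored or logged."""
    out = {}
    for key, value in record.items():
        name = key.lower()
        if name in SENSITIVE_AUTH_FIELDS:
            continue                      # authentication data is never written anywhere
        out[key] = mask_pan(value) if name == "pan" else value
    return out


if __name__ == "__main__":
    # Constructed sample transaction using a well-known test card number.
    txn = {"pan": "4111 1111 1111 1111", "cvv": "123", "expiry": "12/27", "amount": "19.99"}
    print(scrub_for_storage(txn))   # {'pan': '411111******1111', 'expiry': '12/27', 'amount': '19.99'}
```

Masking is a display control only; a system that must later look up or match a full PAN still needs the encryption or tokenization the standard requires for stored cardholder data.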

Other ongoing PCI DSS measures include the creation and maintenance of a vulnerability management program that develops and maintains secure applications and systems. Routine monitoring and network testing to identify weaknesses are also required. Each organization must also maintain a written security policy and distribute it to all personnel.
