PCI DSS

Payment Card Industry Data Security Standard

  • International security standard (set of norms) – it is intended to prevent leaks of sensitive cardholder data and to protect against card fraud caused by illegitimate misuse of that data
  • Basically, there are 12 requirements
  • The security requirements apply to organizations that process, transmit or store cardholder or payment transaction data (in particular banks, authorization centres, service providers and merchants accepting payment cards)
  • It includes specific security recommendations on how to protect payment cards and cardholder data
    • Security compliance should be and will be regularly audited for all entities working with payment card information; the audit level depends on the quantity and type of payment transactions per year
    • Security controls for payment card data within banks and specialized organizations (including authorization centres) are already secured and audited; the same is required of other affected entities
    • Security controls for payment card data at service providers and merchants must also be checked and are subject to the following standards:
      • the annual audit can only be performed by qualified auditors
      • quarterly external vulnerability scanning can only be performed by approved vendors
      • the Self-Assessment Questionnaire (SAQ) can be completed by the affected entity/merchant themselves
  • for further details please see www.pcisecuritystandards.org or www.pcistandard.cz