FOREWORD


Target dates for compliance with the PCI DSS have all long since passed, and the Standard is now on its third version. Many organisations around the world – particularly those that fall below the top tier of payment card transaction volumes – are not yet compliant.

There are perhaps three reasons for this.

The first is that, outside a few US States, the PCI DSS has no legal status: it is not a law and does not have the force of law. Enforcement can only be carried out by contractual means, in a competitive payment card marketplace. The UK’s Information Commissioner, however, has said that compliance with the PCI DSS shows due diligence in protecting cardholder data, and has effectively imposed it as law through the threat of fines ...
