PCI
The Payment Card Industry Security Standards Council (PCI SSC)27 offers robust and comprehensive standards and supporting materials to enhance payment card data security. The materials produced by PCI SSC include a framework of specifications, tools, measurements, and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process — including prevention, detection, and appropriate reaction to security incidents. PCI DSS was developed by a number of major credit card companies (including American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International).
The standard consists of 12 core requirements, which include security management, policies, procedures, network architecture, software design, and other critical measures. These requirements are organized into the following areas:
- Build and maintain a secure network.
- Protect cardholder data.
- Maintain a vulnerability management program.
- Implement strong access control measures.
- Regularly monitor and test networks.
- Maintain an Information Security Policy.
Tools to assist organizations to validate their PCI DSS compliance include Self Assessment Questionnaires. For device vendors and manufacturers, the Council provides the PIN Transaction Security (PTS) requirements, which contain a single set of requirements ...
Get Web Commerce Security Design and Development now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
