PCI DSS

Also known as: Payment Card Industry Data Security Standard, PCI

Definition

A global information-security standard for organizations that store, process, or transmit payment card data, maintained by the PCI Security Standards Council.

The Payment Card Industry Data Security Standard (PCI DSS) is a contractual, industry-mandated standard that applies to any organization that stores, processes, or transmits cardholder data for the major card brands (Visa, Mastercard, American Express, Discover, JCB). The current version 4.0.1 defines 12 high-level requirements and several hundred sub-requirements covering network security, encryption of card data, access control, vulnerability management, logging, and policy. Compliance level (1–4) depends on transaction volume and determines whether an organization completes a Self-Assessment Questionnaire or undergoes a Report on Compliance by a Qualified Security Assessor (QSA).

Examples

  • A Level 1 merchant undergoing an annual on-site QSA assessment.
  • A payment processor implementing point-to-point encryption and tokenization to reduce scope.