PCI DSS
What is PCI DSS?
PCI DSS: A global information-security standard for organizations that store, process, or transmit payment card data, maintained by the PCI Security Standards Council.
The Payment Card Industry Data Security Standard (PCI DSS) is a contractual, industry-mandated standard that applies to any organization that stores, processes, or transmits cardholder data for the major card brands (Visa, Mastercard, American Express, Discover, JCB). The current version 4.0.1 defines 12 high-level requirements and several hundred sub-requirements covering network security, encryption of card data, access control, vulnerability management, logging, and policy. Compliance level (1–4) depends on transaction volume and determines whether an organization completes a Self-Assessment Questionnaire or undergoes a Report on Compliance by a Qualified Security Assessor (QSA).
● Examples
- 01: A Level 1 merchant undergoing an annual on-site QSA assessment.
- 02: A payment processor implementing point-to-point encryption and tokenization to reduce scope.
● Frequently asked questions
What is PCI DSS?
A global information-security standard for organizations that store, process, or transmit payment card data, maintained by the PCI Security Standards Council. It belongs to the Compliance & Frameworks category of cybersecurity.
What does PCI DSS mean?
A global information-security standard for organizations that store, process, or transmit payment card data, maintained by the PCI Security Standards Council.
How do you comply with PCI DSS?
Compliance with PCI DSS typically combines technical controls and operational practices, as detailed in the full definition above.
What are other names for PCI DSS?
Common alternative names include: Payment Card Industry Data Security Standard, PCI.