Credentials Explains: What is PCI DSS?

by Rose Addison, Manager of Documentation & Training | Dec 01, 2016

PCI DSS stands for the Payment Card Industry Data Security Standard. It is a set of requirements designed to establish and maintain a secure environment that limits the exposure of credit card data. It applies to all companies that store, process, or transmit cardholder data.¹

The PCI DSS standard was founded in 2006 by the major credit card brands and is administered by the PCI Security Standards Council (PCI SSC). Organizations that handle credit card transactions in the manner described above must comply with the standard and provide proof of validation annually; the form that proof takes depends on the volume of transactions handled.²

Compliance is validated by way of either a Self-Assessment Questionnaire (SAQ) or a Report on Compliance (ROC), the latter prepared by an external Qualified Security Assessor (QSA).³ Again, the number of annual credit card transactions determines which method is required in order to obtain and provide proof of compliance.

The standard is made up of six major requirements, each broken down into two or more components, totaling twelve topics.⁴ These topics are broken down even further, encompassing over 200 specific criteria that regulated organizations must maintain continuously.⁵ The PCI SSC updates and releases its compliance standards frequently, as security threats grow more advanced every day.

1 PCI. (2016). PCI SSC Data Security Standards Overview. PCI Security Standards Council. Retrieved from https://www.pcisecuritystandards.org/pci_security/standards_overview
2 PCI. (2016). PCI Security. PCI Security Standards Council. Retrieved from https://www.pcisecuritystandards.org/pci_security/
3 PCI. (2016). Assessors & Solutions. PCI Security Standards Council. Retrieved from https://www.pcisecuritystandards.org/assessors_and_solutions/
4 PCI. (2016). Maintaining Payment Security. PCI Security Standards Council. Retrieved from https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security
5 PCI. (2016). Requirements and Security Assessment Procedures. PCI Security Standards Council. Retrieved from https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2.pdf?agreement=true&time=1479247950272