PCI Data Security Standard (DSS)

What is the Payment Card Industry Data Security Standard?

The Payment Card Industry Data Security Standard (PCI DSS) is an evolving global framework for safeguarding payment card data, such as the primary account number (i.e. the credit card number), expiration date, card verification code, and other associated data. It is published and maintained by the Payment Card Industry Security Standards Council (PCI SSC) along with other standards and supplemental resources. PCI DSS is enforced contractually by payment brands such as Visa, MasterCard, Discover, and American Express, as well as by financial institutions that process payment transactions on behalf of merchants. PCI DSS defines 12 high-level requirements for protecting payment card data, each of which includes multiple sections, requirements, testing procedures, and supporting guidance.

Who is the intended audience?

Per PCI DSS v4.0, this standard is intended for all entities that store, process, or transmit cardholder data (CHD) and/or sensitive authentication data (SAD), or that could impact the security of the cardholder data environment (CDE). This includes all entities involved in payment card account processing — including merchants, processors, acquirers, issuers, and other service providers. Whether any entity is required to comply with PCI DSS, or to validate its compliance with PCI DSS, is at the discretion of the organizations that manage compliance programs (such as payment brands and acquirers).

Where can I find more information?

The following resources can be found on the PCI Security Standards Council website:

How can runZero help me with these controls?

You can find the latest information on how runZero can help with PCI DSS at the following page.
