Advanced Cyber Security

PCI-DSS Compliance

The Payment Card Industry Data Security Standard (PCI-DSS) is a global IT security standard for the protection of cardholder data, developed by the Payment Card Industry Security Standards Council (PCI-SSC).

The standard was assembled specifically to help companies that accept card payments avoid credit card fraud, by tightening the controls around cardholder information and reducing its exposure to compromise.

The PCI-DSS initially started as five separate programs: the JCB Data Security Program, Discover Information and Compliance, the American Express Data Security Operating Policy, MasterCard Site Data Protection, and the Visa Card Information Security Program. Each of the credit card companies involved had a similar, nearly unified goal: to add an extra level of security for customers by guaranteeing that merchants meet minimum levels of protection whenever they transmit, process, or store cardholder information.

The PCI-DSS requirements apply to all companies that transmit, store, or process cardholder data from any card carrying the logo of one of the aforementioned credit card brands.

The standard is maintained by the PCI-SSC, which also maintains several other standards and protection requirements, such as the PA-DSS (Payment Application Data Security Standard) and the PCI-PED (Payment Card Industry PIN Entry Device) requirements.

Compliance can be validated either internally or by an external assessor; which applies depends on the volume of card transactions the enterprise handles.

On one hand, regardless of company size, compliance must be validated every year in order to remain within the criteria set by the PCI-DSS.

On the other hand, enterprises handling high-volume credit card transactions are required to use Qualified Security Assessors (QSAs), independent assessors who evaluate the security controls and their effectiveness at a company.

As a rule of thumb, the larger the volume of transactions, the stricter the stipulations for compliance as imposed by these multinational credit card companies.

It is recommended to scan your site for PCI-category vulnerabilities and to fix every vulnerability and issue found before you hire a PCI consultant to audit the site for compliance.

If you do not pass the PCI compliance tests on the first run, repeating the assessment can be a costly affair.
