What is PCI DSS (Payment Card Industry Data Security Standard)?

PCI DSS stands for Payment Card Industry Data Security Standard and is a security standard for companies and organizations that handle credit card information.

The Payment Card Industry Standards Council created it to increase cardholder data security.

The PCI DSS was first released in 2004 after Visa, MasterCard, American Express, Discover, and JCB formed the PCI SSC to conciliate their security policies. Since then, there have been several versions.

What is the difference between PCI DSS and ISO 27001?

PCI DSS is a standard that covers information security of credit cardholders’ information, where ISO/IEC 27001 is a specification for an information security management system.

What are the levels of PCI DSS?

There are four PCI levels, depending on the volume of card transactions your business handles yearly:

  • PCI Level 1: Businesses processing over 6 million transactions per year
  • PCI Level 2: Businesses processing 1 million to 6 million transactions per year
  • PCI Level 3: Businesses processing 20,000 to 1 million transactions per year
  • PCI Level 4: Businesses processing less than 20,000 transactions per year

What are the principles of PCI DSS?

The 12 principles of PCI DSS include the following:

  1. Installing and maintaining a firewall
  2. Changing passwords and security settings
  3. Protecting stored cardholder data
  4. Encrypting cardholders’ data
  5. Using and updating antivirus programs
  6. Developing security systems and processes
  7. Restricting access to cardholders’ data
  8. Restricting physical access to cardholders’ data
  9. Identifying and authenticating access to system components
  10. Tracking and monitoring who accesses networks and cardholders’ data
  11. Regularly testing systems and processes
  12. Having a policy on information security
Jan 7th, 2022
2 min read