What is the Payment Card Industry Data Security Standard aka PCI DSS?

Giulio Saggin
Tuesday 28 November 2023

The Payment Card Industry Data Security Standard, commonly known as PCI DSS, was developed by the Payment Card Industry Security Standards Council (PCI SSC), which was founded by the five leading credit card companies - MasterCard, Visa, JCB International, Discover and American Express - in 2006 to ensure the security of credit card data.

The PCI DSS is described as: "the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data and/or sensitive authentication data. It consists of steps that mirror security best practices."

It's not stated outright, but the PCI DSS is also the international standard which organisations need to follow in order to meet PCI compliance. The steps mentioned above comprise 12 Requirements:

1. Install and maintain a firewall configuration to protect cardholder data

2. Do not use vendor-supplied defaults for system passwords and other security parameters

3. Protect stored cardholder data

4. Encrypt transmission of cardholder data across open, public networks

5. Protect all systems against malware and regularly update anti-virus software or programs

6. Develop and maintain secure systems and applications

7. Restrict access to cardholder data by business need to know

8. Identify and authenticate access to system components

9. Restrict physical access to cardholder data

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes

12. Maintain a policy that addresses information security for all personnel

The best way to meet these 12 Requirements is to employ the services of a Qualified Security Assessor (QSA). QSAs are PCI SSC-qualified independent security companies that do all the legwork for you. Becoming a QSA involves a rigorous qualification process, which is reflected in the fact that there are only 383 (currently) QSAs around the world.
