The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards. Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls around cardholder data to reduce credit card fraud via its exposure.
It was originally formed by Visa, Mastercard, American Express, Discover and JCB in 2004. The updated versions are:
– Version 1.2 was released on October 1, 2008
– Version 2.0 was released in October 2010
– Version 3.0 was released in November 2013 and is active from January 1, 2014 to December 31, 2016.
The PCI DSS specifies 12 requirements for compliance, organized into six logically related groups called “control objectives” which are:
– Build and Maintain a Secure Network
– Protect Cardholder Data
– Maintain a Vulnerability Management Program
– Implement Strong Access Control Measures
– Regularly Monitor and Test Networks
– Maintain an Information Security Policy.