ISpectra Technologies
Payments · Security Standard

What is PCI DSS?

The global standard every business that handles cardholder data must meet to protect payment card information.

Definition

PCI DSS (Payment Card Industry Data Security Standard) is a global security standard maintained by the PCI Security Standards Council. It applies to any organisation that stores, processes or transmits cardholder data, and defines requirements to protect that data across people, process and technology.

Compliance is validated through a Self-Assessment Questionnaire (SAQ) or, for larger merchants and service providers, a Report on Compliance by a Qualified Security Assessor (QSA). The current version is PCI DSS v4.0.

The goals behind PCI DSS

1

Secure networks

Firewalls and secure system configurations.

2

Protect cardholder data

Encryption in storage and in transit.

3

Vulnerability management

Anti-malware and secure development.

4

Access control

Restrict access on a need-to-know basis.

5

Monitoring & testing

Log, monitor and regularly test systems.

6

Security policy

Maintain an information-security policy.

Who needs to comply?

Any merchant, processor or service provider — of any size — that stores, processes or transmits payment card data, from e-commerce sites to SaaS platforms handling payments.

How ISpectra helps

ISpectra scopes your cardholder data environment, closes gaps against PCI DSS v4.0, assists with SAQs or QSA assessments, and sets up the monitoring needed for ongoing compliance.

Talk to an advisor