What is PCI DSS?
The global standard every business that handles cardholder data must meet to protect payment card information.
Definition
PCI DSS (Payment Card Industry Data Security Standard) is a global security standard maintained by the PCI Security Standards Council. It applies to any organisation that stores, processes or transmits cardholder data, and defines requirements to protect that data across people, process and technology.
Compliance is validated through a Self-Assessment Questionnaire (SAQ) or, for larger merchants and service providers, a Report on Compliance by a Qualified Security Assessor (QSA). The current version is PCI DSS v4.0.
The goals behind PCI DSS
Secure networks
Firewalls and secure system configurations.
Protect cardholder data
Encryption in storage and in transit.
Vulnerability management
Anti-malware and secure development.
Access control
Restrict access on a need-to-know basis.
Monitoring & testing
Log, monitor and regularly test systems.
Security policy
Maintain an information-security policy.
Who needs to comply?
Any merchant, processor or service provider — of any size — that stores, processes or transmits payment card data, from e-commerce sites to SaaS platforms handling payments.
How ISpectra helps
ISpectra scopes your cardholder data environment, closes gaps against PCI DSS v4.0, assists with SAQs or QSA assessments, and sets up the monitoring needed for ongoing compliance.
Talk to an advisor