Understanding PCI DSS compliance requirements

Payment Card Industry Security Standards Council (PCI SSC) has prescribed PCI Data Security Standards  (PCI DSS) for keeping payment cardholder data secure.  PCI DSS applies to any business that stores, processes, or transmits cardholder data. In practice, this means PCI applies to all merchants that accept card payments, as well as to the member financial institutions and service providers that process the associated transactions. Matrix of the compliance requirements prescribed by PCI SSC is given in the table below. Before studying the table, it would be helpful to understand the terms cardholder data, merchant, service provider, acquirer, application scanning vendor and qualified security assessor. Continue reading “Understanding PCI DSS compliance requirements”

PCI DSS Compliance Program undergoes a change

Last week, Visa announced a new Payment Card Industry Data Security Standard (PCI DSS) compliance program that will fuel dynamic data authentication.


This will mean that merchants will not need to validate their compliance with the Payment Card Industry Data Security Standard (PCI DSS) if at least 75% of the merchant’s annual Visa card transactions originate on smartcard-enabled terminals.


Continue reading “PCI DSS Compliance Program undergoes a change”

PCI Compliance-Code Review or Web Application Firewall

Payment Card Industry (PCI) – Data Security Standard is standard set based on a consensus based process led by 5 major credit card companies. It is not a government enforced standard and compliance is enforced by the credit companies.

Non-compliance results in higher fees and severe fines in the event of breach. All merchants and service providers collecting and processing credit card transactions are required to comply with the PCI-DSS. Version 1.2 of the standard was released in October 2008.

Section 6.6 of the PCI-DSS requires that for all public-facing applications, new threats and vulnerabilities should be addressed on an on-going basis and ensure that the applications are protected against know attacks.

Continue reading “PCI Compliance-Code Review or Web Application Firewall”