The PCI Data Security Standard

The PCI Data Security Standard is a set of comprehensive requirements for enhancing payment account data security. It was developed by the founding payment brands of the PCI Security Standards Council, including Visa, MasterCard, American Express, Discover Financial Services and JCB, to help facilitate the broad adoption of consistent data security measures on a global basis.

The PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organisations proactively protect customer account data.

The number of transactions processed annually dictates the level of compliance required. Merchant levels range from Level 1 to Level 4: Level 1 requires quarterly scans and a full annual audit, while Level 4 requires an annual scan and the submission of a self-completed form.

There are 12 requirements within the PCI Data Security Standard, and they apply to merchants at every level. These fall under six main headings:

Further details of the exact requirements can be found using the following links:

The PCI Data Security Standard Version 1.1 (PDF) - the full PCI DSS requirements

The PCI Data Security Standard v1.1 - Summary of Changes (PDF) - a summary of the changes made since the original PCI DSS

The PCI Security Standards Council - the founding payment brands' site


Need help with compliance?