Now that you know what PCI DSS compliance is and who needs to be PCI compliant, it’s time to learn more about the different PCI standards and programs.
PCI DSS is the core PCI standard: it applies to any organization that stores, processes or transmits cardholder data. That includes merchants, processors, acquirers, issuers and service providers, in effect every entity in the payment processing industry. As such, PCI DSS is by far the broadest of the PCI standards.
There are 12 requirements, each with corresponding testing procedures, grouped into six goals. Download the document titled PCI DSS from this document library to learn about each testing procedure.
Build and maintain a secure network and systems
Protect cardholder data
Maintain a vulnerability management program
Implement strong access control measures
Regularly monitor and test networks
Maintain an information security policy
In addition to following PCI DSS, software vendors and others who develop payment applications that store, process or transmit cardholder data also need to follow the Payment Application Data Security Standard, PA-DSS for short. Its requirements are aimed at ensuring that a payment application never retains sensitive authentication data after authorization: the full track data encoded on the magnetic stripe on the back of the card, and the equivalent data held on the chip embedded in chip cards.
The card brands encourage businesses to use payment applications that comply with PA-DSS and have been approved by the PCI Security Standards Council. Before making a purchase, check the list of approved payment applications on the Council's website.
Here are the 14 requirements. Each one has sub-requirements and specific testing procedures. You can download the 92-page document titled PA-DSS from this document library.
Companies that make credit card terminals, PIN pads and card readers need to follow the PCI PIN Transaction Security (PTS) requirements. These requirements focus on protecting cardholder personal identification numbers (PINs) at the point of entry. Because device approvals expire, businesses should check the list of approved PTS devices on the PCI Security Standards Council website every year.
Here is a high level summary of the PTS security requirements:
This program, the Council's Qualified Integrators and Resellers (QIR) program, is for IT solution providers, including VARs, dealers and solution providers who work with small businesses, and aims to reduce the risk of data theft. Organizations with this qualification are authorized to implement, configure and/or support validated PA-DSS payment applications on behalf of businesses or service providers, ensuring the application is installed and configured in a way that supports the customer's PCI DSS compliance.