What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a security standard that applies to any organisation that stores, processes or transmits cardholder data, whether it is a merchant, a service provider or a payment processor. The purpose of the standard is to enhance payment account data security and protect cardholders against misuse of their card data. In simple terms, it is a set of requirements designed to reduce the likelihood of a data breach occurring.
The standard contains twelve requirements that are grouped into six principles:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
The PCI DSS defines the elements of cardholder data, such as the PAN, cardholder name, expiration date and service code, and for each element states whether storage is permitted or prohibited and whether the element must be protected (for example, the PAN must be rendered unreadable wherever it is stored). It separately defines sensitive authentication data (full track data from the magnetic stripe or chip, the CAV2/CVC2/CVV2/CID code and the PIN or PIN block), which must never be stored after authorisation, even if encrypted.
What is the PCI SSC?
The Payment Card Industry Security Standards Council (PCI SSC) is the body responsible for maintaining the PCI DSS along with a number of other standards, such as the Payment Application DSS (PA-DSS) and the PIN Entry Device (PED) standard (these have since been superseded by the PCI Software Security Framework and the PCI PIN Transaction Security (PTS) requirements respectively). The PCI SSC is led by an Executive Committee composed of representatives from the founding payment brands: Visa, MasterCard, American Express, Discover and JCB. The Executive Committee is responsible for policy setting within the PCI SSC. Operational decisions are made by a Management Committee, which is also composed of representatives from the payment brands. There is also an Advisory Board, drawn from participating organisations, which provides input and feedback to the PCI SSC.
How did it come about?
Before the formation of the PCI SSC there were five separate data security programs, one operated by each of the five card brands (Visa, MasterCard, American Express, Discover and JCB):
- Visa Card Information Security Program
- MasterCard Site Data Protection
- American Express Data Security Operating Policy
- Discover Information Security and Compliance (DISC)
- JCB Data Security Program
Each of these five programs was very similar, and each had the same goal: to ensure that organisations that stored, processed or transmitted cardholder data protected that data from misuse. This was achieved by requiring the organisation to comply with a minimum set of security requirements. Because a merchant accepting several brands had to satisfy several overlapping programs, the card brands decided to combine their programs and controls into a single industry standard, published as PCI DSS version 1.0 in December 2004. The PCI SSC was then formed in September 2006 to maintain the standard independently of any one brand.