Payment Card Industry Data Security Standards (PCI-DSS)
PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council (Council) to protect cardholder data. The standards globally govern all merchants and organizations that store, process or transmit credit card data – with new requirements for software developers and manufacturers of applications and devices used in those transactions.
Compliance with PCI standards is mandatory for stakeholders, and is enforced by the major payment card brands who established the Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.
The Council provides programs for two kinds of certifications:
- Qualified Security Assessor (QSA)
- Approved Scanning Vendor (ASV)
QSAs are companies that assist organizations in reviewing the security of their payment transaction systems and have trained personnel and processes to assess and validate compliance with PCI-DSS and PA-DSS.
ASVs provide commercial software tools to perform certified vulnerability scans for your systems. Additional details can be found at: www.pcisecuritystandards.org.
The Self-Assessment Questionnaire (SAQ) is a validation tool for merchants and service providers who are not required to do on-site assessments for PCI-DSS compliance. Different SAQs are specified for various business situations. More details can be found at www.pcisecuritystandards.org, or contact the acquiring financial institution to determine if you should complete an SAQ.