Since its first release in 2004, the Payment Card Industry Data Security Standard (PCI DSS) has evolved into a globally accepted and proven security standard. It is a binding set of security requirements that applies to all merchants and payment service providers who store, process, or transmit payment card data. The standard sets rules for the network infrastructure and server components and for how they are managed. In addition, it specifies minimum requirements for the storage and encryption of cardholder data and for restricting access to it. The standard also requires documented processes and regular testing of the infrastructure.

On first contact, the standard looks confusing: 6 main chapters and 12 sub-chapters with 230 questions and more than 600 sub-items. The first step towards a clearer view is scoping: Which networks and which components are affected by PCI DSS? Which processes are required, and which documentation needs to be created or extended? Where does payment card data appear at all? In a second step, a company saves a lot of work and money by reducing the scope to which PCI DSS must be applied: Can applications and data flows be engineered so that the number of applicable PCI DSS requirements is minimised? Does the IT architecture allow network segmentation that limits the scope to a few network segments rather than the entire corporate network? Note that segmentation only reduces scope if it is effective and verified: PCI DSS requires penetration tests that confirm the segmentation controls actually isolate the cardholder data environment from out-of-scope networks.

To find the right answers for your business, we offer workshops, consultancy and pre-audits in preparation for an audit. We have ten years of experience with PCI DSS and work together with our customers on the optimal implementation of customer-specific, PCI DSS compliant solutions.

Useful Links

The PCI DSS Standard – the catalogue of all requirements of the PCI DSS standard

News for this Standard

15.12.2016 | PCI Council publishes Scoping Guide

Supplemental Guidance for PCI DSS Scoping published by PCI Council. In December the PCI Council published a new guidance document addressing the topic “Scoping and Network Segmentation”. [...]

15.11.2016 | SAQ A and Payment Page

Payment Page and SAQ A eligibility. In September the PCI Council published an FAQ to clarify the definition of a payment page and the eligibility for use of SAQ [...]

28.4.2016 | PCI DSS v3.2 published

On April 28, 2016 the PCI Council published version 3.2 of the PCI DSS standard. With publication of the Payment Card [...]