The Payment Card Industry PIN Transaction Security (PTS) requirements are used primarily by ATM and point-of-sale equipment manufacturers to secure cardholder data at the physical point of interaction. Changes to the standard follow a defined 36-month lifecycle with eight stages. The lifecycle ensures a gradual, phased use of new versions of the standard without invalidating current implementations of PTS. It also prevents organizations from becoming noncompliant when changes are published and allows vendors to complete existing product development. Throughout the lifecycle, the Council will continuously evaluate evolving technology and threats, and provide ongoing guidance about these standards.
The Payment Card Industry Data Security Standard (PCI DSS) secures cardholder data that is stored, processed or transmitted by merchants and other organizations. Changes to the PCI standards follow a defined 36-month lifecycle with eight stages. The lifecycle ensures a gradual, phased introduction of new versions of the standard in order to prevent organizations from becoming noncompliant when changes are published. This lifecycle also applies to the Payment Application Data Security Standard (PA-DSS), which covers validation requirements for applications used to process payment cards. During the lifecycle, the Council will continuously evaluate evolving technology and threats, and if necessary, make mid-lifecycle changes to the standards or provide ongoing supplemental guidance about these issues.
Skimming is the unauthorized capture and transfer of payment data to another source. Its purpose is to commit fraud, the threat is serious, and it can hit any merchant's environment. PCI Security Standards currently contain a number of requirements and recommendations to guard against skimming. This “At-a-Glance” provides a snapshot of skimming and introduces areas requiring countermeasures to ensure an appropriate level of security for cardholder data.
The goal of this document is to help organizations understand how PCI DSS applies to wireless environments, how to limit the PCI DSS scope as it pertains to wireless, and provide practical methods and concepts for deployment of secure wireless in payment card transaction environments.
Requirement 3 of the Payment Card Industry’s Data Security Standard (PCI DSS) is to "protect stored cardholder data." For merchants who have a legitimate business reason to store cardholder data, it is important to understand what data elements PCI DSS allows them to store and what measures they must take to protect those data.
PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect cardholder payment data.
PCI security for merchants and payment card processors is the vital byproduct of applying information security best practices in the Payment Card Industry Data Security Standard (PCI DSS).
The Payment Card Industry Data Security Standard (PCI DSS) secures cardholder payment data that is stored, processed or transmitted by merchants and processors.
Reports and Blog Resources