PCI DSS
Payment Card Industry Data Security Standard.
It was developed by the five major card brands to address potential areas of vulnerability and to guide organizations in best practices for maintaining the integrity of cardholder data.



Types Of Data On a Payment Card:

Guidelines for Protecting Cardholder Data Elements
Who must comply with PCI DSS
ORGANISATION:
- Merchants (All Levels)
- Service Providers: any third party that stores, processes, or transmits card data on behalf of merchants or other service providers, such as payment gateways, payment processors, tokenization providers, and payment aggregators
- Financial Institutions
- Organizations That Store and Transmit Card Data
Devices:

PCI DSS Applies to ANY Device That Stores, Processes, Transmits, or Can Impact the Security of Cardholder Data
- Devices That Process Cardholder Data
- Devices That Store Cardholder Data
- Devices That Transmit Cardholder Data
- Devices That Provide Security Controls for the CDE
- Devices With Administrative Access to CDE
- Devices in Connected Networks
- Devices Used by Third Parties With Access to CDE
