FAQ About Understanding the Basics of Cybersecurity
What is the Payment Card Industry Data Security Standard (PCI DSS)?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards established by major credit card companies to protect against payment card fraud. The PCI DSS applies to all businesses that accept payment cards, regardless of size or number of transactions.
The PCI DSS includes 12 requirements, which cover areas such as building and maintaining secure networks, protecting cardholder data, maintaining vulnerability management programs, and implementing strong access control measures. The requirements also include regular testing and monitoring of security systems, as well as maintaining an information security policy.
Compliance with the PCI DSS is required by the credit card companies and is enforced by payment processors and acquiring banks. Businesses that are found to be non-compliant may be subject to fines, increased transaction fees, and restrictions or termination of their ability to accept payment cards.
The PCI DSS has undergone several updates over the years to keep up with changing security threats and technology. The latest version, PCI DSS 4.0, is currently under development and is expected to be released in 2021.