Compliance

PCI DSS

Payment Card Industry Data Security Standard — a set of security requirements for organisations that handle credit card data.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

Key Requirements

PCI DSS includes 12 high-level requirements grouped into 6 goals:

  1. Build and maintain a secure network (firewalls, no vendor defaults)
  2. Protect cardholder data (encryption, tokenization)
  3. Maintain a vulnerability management program
  4. Implement strong access control measures
  5. Regularly monitor and test networks
  6. Maintain an information security policy

Compliance Levels

LevelCriteria
Level 1>6 million transactions/year
Level 21–6 million transactions/year
Level 320,000–1 million transactions/year
Level 4<20,000 transactions/year

Relationship to GDPR

PCI DSS and GDPR are complementary — PCI DSS focuses on payment card security, while GDPR covers all personal data. Both require appropriate security measures.

Related Terms

GDPRLegal

The General Data Protection Regulation — the EU's comprehensive data protection law, effective since May 2018.

EncryptionTechnical

The process of converting data into a coded form so that only authorised parties can read it.

TokenizationTechnical

Replacing sensitive data with a non-sensitive placeholder (token) that has no exploitable value on its own.

ISO 27001Compliance

An international standard for information security management systems (ISMS) — the most widely recognised security certification.

Persistent Cookie