Follow Us:

Payment Card Industry Data Security Standard (PCI DSS)


The PCI DSS was created by the Security Standards Council (SSC) to provide a set of standards designed to protect cardholder information. The PCI DSS is enforced by VISAMasterCardAmerican ExpressDiscover, and JC Brands.

The PCI DSS contains twelve major requirements that are broken down into over 250 sub-requirements:

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks
  • Protect all systems against malware and regularly update anti-virus software or programs
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need to know
  • Identify and authenticate access to system components
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security for all personnel

Annual validation of these requirements varies depending on credit card transaction volume, however, any organization that processes, stores, or transmits credit card information is expected to adhere to the PCI DSS in its entirety.



Any organization that processes, stores, or transmits credit card information

  • Retail
  • eCommerce
  • Restaurants
  • ...and more


How secure is your organization?

Speak with an information security expert to find out.

All Areas of Compliance