PCI Security Standards Council Fact Sheets

  • Lifecycle for changes to the PTS

    The Payment Card Industry PIN Transaction Security (PTS) requirements are used primarily by ATM and point-of-sale equipment manufacturers to secure cardholder data at the physical point of interaction. Changes to the standard follow a defined 36-month lifecycle with eight stages. The lifecycle ensures a gradual, phased use of new versions of the standard without invalidating current implementations of PTS. It also prevents organizations from becoming noncompliant when changes are published and allows vendors to complete existing product development. Throughout the lifecycle, the Council will continuously evaluate evolving technology and threats, and provide ongoing guidance about these standards.

  • Lifecycle for changes to the PCI DSS and PA-DSS

    The Payment Card Industry Data Security Standard (PCI DSS) secures cardholder data that is stored, processed or transmitted by merchants and other organizations. Changes to the PCI standards follow a defined 36-month lifecycle with eight stages. The lifecycle ensures a gradual, phased introduction of new versions of the standard in order to prevent organizations from becoming noncompliant when changes are published. This lifecycle also applies to the Payment Application Data Security Standard (PA-DSS), which covers validation requirements for applications used to process payment cards. During the lifecycle, the Council will continuously evaluate evolving technology and threats, and if necessary, make mid-lifecycle changes to the standards or provide ongoing supplemental guidance about these issues.

  • Overview of the PCI SSC Skimming Prevention: Best Practices for Merchants

    Skimming is the unauthorized capture and transfer of payment data to another source. Its purpose is to commit fraud, the threat is serious, and it can hit any merchant’s environment. PCI Security Standards currently contain a number of requirements and recommendations to guard against skimming. This “At-a-Glance” provides a snapshot of skimming and introduces areas requiring countermeasures to ensure an appropriate level of security for cardholder data.

  • Overview of the PCI DSS Wireless Guideline

    The goal of this document is to help organizations understand how PCI DSS applies to wireless environments and how to limit the PCI DSS scope as it pertains to wireless, and to provide practical methods and concepts for deployment of secure wireless in payment card transaction environments.

  • PCI Data Storage Do’s and Don’ts

    Requirement 3 of the Payment Card Industry’s Data Security Standard (PCI DSS) is to “protect stored cardholder data.” For merchants who have a legitimate business reason to store cardholder data, it is important to understand what data elements PCI DSS allows them to store and what measures they must take to protect those data.

  • Payment Card Industry Security Standards Overview

    PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect cardholder payment data.

  • Getting Started with PCI Data Security Standard

    PCI security for merchants and payment card processors is the vital byproduct of applying information security best practices in the Payment Card Industry Data Security Standard (PCI DSS).

  • Ten Common Myths of PCI DSS

    The Payment Card Industry Data Security Standard (PCI DSS) secures cardholder payment data that is stored, processed or transmitted by merchants and processors.

  • Reports and Blog Resources

    Verizon Business 2010 Data Breach Investigations Report

    Verizon Business Security Blog