November 29, 2012

What Is PCI DSS?

The Payment Card Industry (PCI) Data Security Standard (DSS) is a standard for managing information security. The Payment Card Industry Security Standards Council—which consists of Visa, MasterCard, American Express, Discover, and JCB—defined the standard to ensure that merchants meet the card issuers’ guidelines for security in storing, processing, and transmitting cardholder data.

Both MasterCard and Visa require large merchants who accept their payment cards to prove their compliance with the standards. They expect smaller merchants to implement the same controls, although they may not require validation.

The first PCI DSS standard was released in December 2004. The current PCI DSS standard is version 2.0. Its six high-level PCI DSS control objectives are:

• Build and maintain a secure network
• Protect cardholder data
• Maintain a vulnerability management program
• Implement strong access control measures
• Regularly monitor and test networks
• Maintain an information security policy

Within these control objectives are 12 specific PCI DSS requirements, which subdivide into more than 220 sub-requirements. If you’d like more details about specific PCI rules, one of the PCI compliance experts at Edge Web Hosting would be happy to explain. But the beauty of entrusting your infrastructure to us is that you don’t need to dig into the minutiae.

Edge’s PCI Compliant Hosting service, audited by Trustwave, ensures that your IT platform meets or exceeds every PCI DSS 2.0 requirement.
