Payment Card Industry Data Security Standard (PCI DSS) is a payment card industry data security standard developed by the Payment Card Industry Security Standards Council (PCI SSC), established by the international payment systems Visa, MasterCard, American Express, JCB and Discover. The standard is a set of 12 detailed requirements for ensuring the security of data on cardholders who are transferred, stored and processed in the information infrastructures of organizations. The adoption of appropriate measures to ensure compliance with the requirements of the standard implies an integrated approach to ensuring the information security of payment card data.
About the Payment Card Industry Data Security Standard
The requirements of the standard apply to all companies working with international payment systems Visa and MasterCard. Depending on the number of processed transactions, each company is assigned a certain level with an appropriate set of requirements that they must fulfill. The requirements of the standard include annual company audits, as well as quarterly network scans.
The standard combines the requirements of a number of programs of international payment systems for the protection of information, in particular:
Since September 2006, the standard was introduced by the international payment system Visa in the territory of the CEMEA region (central and eastern Europe, the Middle East and Africa) as mandatory, respectively, its effect extends to Russia. Therefore, service providers (processing centers, payment gateways, Internet providers) working directly with VisaNet must undergo an audit procedure for compliance with the requirements of the standard.