
PCI DSS

It is a mandatory compliance standard for all organizations that transmit, process or store cardholder data.

What is PCI DSS and why does one need it?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.

The PCI Data Security Standards help protect the safety of that data. They set the operational and technical requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.

Maintaining payment security is serious business. It is vital that every entity responsible for the security of cardholder data diligently follows the PCI Data Security Standards. 

The current version of PCI DSS is 4.0, and every organization must comply within 2025.

Documentation for the latest version is available at: https://www.pcisecuritystandards.org/document_library

PCI DSS Requirements In A Nutshell

PCI DSS Requirements

Frequently Asked Questions

What cardholder data is protected?

PCI DSS applies to all organizations that store, process and transmit cardholder data (CHD) and/or sensitive authentication data (SAD).  

Cardholder data includes the primary account number (PAN), cardholder name, expiration date and service code. Sensitive authentication data includes full track data (magnetic stripe data or equivalent on a chip), CAV, CVC, CVV and CID numbers, and PINs and PIN blocks.

Can cardholder data be stored?

Sensitive data on the magnetic stripe or chip must never be stored. Only the PAN, expiration date, service code, or cardholder name may be stored.

How long can you store cardholder data?

 Cardholder data should only be kept for as long as is necessary to meet legal, regulatory, or business requirements.

What is in scope for PCI DSS?

Systems that store, process or transmit cardholder data (CHD) or sensitive authentication data (SAD) are in the scope of PCI DSS.
