LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is PCI DSS?

PCI DSS = Payment Card Industry Data Security Standard — a mandatory ruleset for any organisation that stores, processes, or transmits credit card data, written by the major card brands (Visa, Mastercard, Amex, Discover, JCB).

PCI DSS arose because of widespread cardholder data breaches in the early 2000s. The card industry didn't wait for a regulator — they made compliance a contractual requirement: no PCI DSS, no merchant agreement.

Coverage includes:

  • Build and maintain a secure network (firewalls, no vendor defaults)
  • Protect cardholder data (encryption at rest and in transit)
  • Vulnerability management programme (AV, patch hygiene)
  • Strong access control (need-to-know, unique IDs, physical access)
  • Monitoring and testing of networks
  • Information security policy

Tip: PCI DSS levels (1–4) depend on transaction volume. Level 1 (~6M transactions/year) requires an annual on-site audit by a Qualified Security Assessor (QSA); Level 4 (<20K e-commerce transactions) needs only a self-assessment questionnaire (SAQ).

Go deeper:

From Quiz: ISF / ISMS & Security Standards (ISO 27k, NIST, BSI) | Updated: Jul 05, 2026