PCI Data Security Standard (PCI DSS)

PCI Data Security Standard (PCI DSS)

pci-dss.jpg

PCI DSS was developed to encourage and enhance payment card account data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect payment account data.

Photo-1.png

PCI DSS Documents

Read more about the Standard and its supporting documentation in the PCI SSC Document Library.

Visit the Document Library
informational-training.jpg

Intended Audience

Entities that store, process, or transmit cardholder data (CHD) and/or sensitive authentication data (SAD) or could impact the security of the cardholder data environment (CDE). This includes all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers.

Photo-2.png

Professionals

Find a PCI SSC qualified assessor:

Qualified Security Assessors (QSAs) are independent security organizations that have been qualified and trained by PCI SSC to perform PCI DSS assessments.

Find a QSA

Approved Scanning Vendors (ASVs) are qualified and trained by PCI SSC to conduct external vulnerability scanning services in accordance with the applicable PCI DSS requirement.

Find an ASV

Resources

PCI DSS v4.x Blog Posts

View

Explore the Document Library

View

PCI DSS v4.0 At A Glance

View

PCI DSS v4.x Resource Hub

View

Watch the Videos

View

Frequently Asked Questions

View

Global Content Library

View

PCI SSC Glossary

View

Hear more on Coffee with the Council

View

Related Training

Approved Scanning Vendors (ASV)

Approved Scanning Vendors (ASV)

The Approved Scanning Vendor (ASV) training program, for staff and security personnel of Approved Scanning Vendor companies, is comprised of an in-depth eight-hour online course and exam covering the Payment Card Industry, Payment Card Industry Data Security Standards requirements and scan testing procedures.

More information
Internal Security Assessors (ISA)

Internal Security Assessors (ISA)

Internal Security Assessor (ISA) includes a company-level and individual certification. ISAs receive PCI SSC training to perform internal assessments for their organization and facilitate the consistent implementation of PCI DSS controls.

Become an ISA
Payment Card Industry Professionals (PCIP)

Payment Card Industry Professionals (PCIP)

The Payment Card Industry Professional is an individual, entry-level certification in payment security information and provides you with the understanding to help your organization build a secure payment environment. Becoming a PCIP demonstrates a level of understanding that can provide a strong foundation for a career in the payments security industry.

Become a PCIP
Qualified Security Assessors (QSA)

Qualified Security Assessors (QSA)

Qualified Security Assessor (QSA) companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS.

More information

Whether an entity is required to comply with or validate compliance to a PCI SSC standard is at the discretion of organizations that manage compliance programs, such as a payment brand, acquirer, or other entity. Visit our FAQ page for more information.