The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to protect organizations that handle credit card information from data breaches and cyber-attacks. The PCI DSS is managed by the PCI Security Standards Council, a consortium of major credit card brands including Visa, Mastercard, American Express, and Discover.
Organizations that handle credit card information are required to comply with the PCI DSS if they want to accept payments from major credit card brands. Failure to comply with the PCI DSS can result in hefty fines from the credit card brands, as well as an increased risk of data breaches and cyber-attacks.
The PCI DSS consists of 12 main requirements, which are grouped into six core security objectives:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy