PCI-DSS (Payment Card Industry Data Security Standard)

PCI-DSS is a security standard for organizations handling credit card data, establishing requirements to protect cardholder information.

What is PCI-DSS?

The Payment Card Industry Data Security Standard (PCI-DSS) is a set of security standards designed to ensure that all companies accepting, processing, storing, or transmitting credit card information maintain a secure environment.

12 PCI-DSS Requirements

The twelve requirements are grouped into six goals: Build and Maintain a Secure Network (Requirements 1-2), Protect Cardholder Data (3-4), Maintain a Vulnerability Management Program (5-6), Implement Strong Access Control Measures (7-9), Regularly Monitor and Test Networks (10-11), and Maintain an Information Security Policy (12).

Compliance Levels

Merchant compliance levels are assigned by annual transaction volume, ranging from Level 4 (fewer than 20,000 transactions) to Level 1 (over 6 million transactions annually); the level determines how compliance must be validated.

Common Misconceptions

  • "Small merchants don't need PCI" - Every entity that accepts, processes, stores, or transmits card data must comply, regardless of size
  • "PCI certification exists" - PCI-DSS involves compliance validation, not certification
  • "Outsourcing eliminates PCI scope" - Using a third party reduces scope but does not eliminate the merchant's responsibility