PCI DSS
Learn about the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.
Key Features
Key characteristics of PCI DSS and who it applies to.
Applicability
Any organization that accepts, stores, processes, or transmits cardholder data.
Status
Effectively mandatory; non-compliance can result in losing the ability to process card payments.
Core Requirement
A prescriptive set of 12 core requirements covering network security, data protection, vulnerability management, access control, monitoring, and policy.
Key 4.0 Update
New requirements for client-side security to combat digital skimming (Magecart) attacks.
Perception
A non-negotiable baseline for any business handling payment cards.
Implementation & Strategy
Costs, timelines, and strategic considerations for adopting PCI DSS.
Estimated Project Costs
PCI DSS compliance costs can vary widely, depending on the size and complexity of the organization. A small organization might spend between $5,000 and $20,000, while a mid-sized organization could spend between $20,000 and $100,000. Large, enterprise-level organizations can exceed $100,000.
Implementation Strategy
A typical PCI DSS implementation starts with a scoping exercise to identify all the systems that are in scope for PCI DSS. From there, the organization can perform a gap analysis to identify any areas of non-compliance. The final step is to undergo a formal audit by a Qualified Security Assessor (QSA).