Ask the Expert

Complying with the PCI Data Security Standard

What do I have to do to make sure my application security complies with the PCI Data Security Standard?


The Payment Card Industry Data Security Standard, or PCI, is a standard co-developed by Visa and MasterCard. PCI defines a set of requirements for how cardholder information is to be protected and how compliance is to be assured. PCI requires merchants to have their publicly facing networks and Web sites tested every three months by a certified vendor. PCI compliance assures merchants and the credit card brands that no serious vulnerabilities are present and that consumers can shop with confidence.

To make sure you're PCI-compliant, you're going to have to do a couple of things. If you're a Level 1 merchant (accepting over 6 million credit card transactions per year), you need to have an Annual On-site Security Assessment and Quarterly Network Scans performed by an approved vendor. If you're a Level 2 or 3 merchant (accepting between 20,000 and 6 million credit card transactions per year), you need to fill out the Annual Self-Assessment Questionnaire and have Quarterly Network Scans performed by an approved vendor.

This was first published in January 2006
