Complying with the PCI Data Security Standard

What do you have to do to make sure your application security complies with the PCI Data Security Standard? SearchAppSecurity.com expert Jeremiah Grossman advises.

What do I have to do to make sure my application security complies with the PCI Data Security Standard?
The Payment Card Industry Data Security Standard, or PCI, is a standard co-developed by Visa and MasterCard. PCI defines a set of requirements for how cardholder information is to be protected and how compliance is to be assured. PCI requires merchants to have their publicly facing networks and Web sites tested every three months by a certified vendor. PCI compliance assures merchants and the credit card brands that no serious vulnerabilities are present and that consumers can shop with confidence.

To make sure you're PCI-compliant, you're going to have to do a couple of things. If you're a Level 1 merchant (accepting over 6 million credit card transactions per year), you need to have an Annual On-site Security Assessment and Quarterly Network Scans performed by an approved vendor. If you're a Level 2 or 3 merchant (accepting between 20,000 and 6 million credit card transactions per year), you need to fill out the Annual Self-Assessment Questionnaire and have Quarterly Network Scans performed by an approved vendor.
This was first published in January 2006
