Home > Ask the Software Quality Experts > Application Security Questions & Answers > Complying with the PCI Data Security Standard
Ask The Software Quality Expert: Questions & Answers
EMAIL THIS

Complying with the PCI Data Security Standard

Jeremiah Grossman EXPERT RESPONSE FROM: Jeremiah Grossman

Pose a Question
Other Software Quality Categories
Meet all Software Quality Experts
Become an Expert for this site


Software quality news and advice
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 30 January 2006
What do I have to do to make sure my application security complies with the PCI Data Security Standard?

>
EXPERT RESPONSE
The Payment Card Industry Data Security Standard, or PCI, is a standard co-developed by Visa and MasterCard. PCI defines a set of requirements for how cardholder information is to be protected and how compliance is to be assured. PCI requires merchants to have their publicly facing networks and Web sites be tested every three months by a certified vendor. PCI compliance assures merchants and the credit card brands that no serious vulnerabilities are present and consumers can shop with confidence.

To make sure you're PCI-compliant, you're going to have to do a couple things. If you're a Level 1 merchant (accepting over 6 million credit card transactions per year), you need to have an Annual On-site Security Assessment and Quarterly Networks Scan performed by an approved vendor. If you're a Level 2 or 3 merchant (accepting between 20,000 and 6 million credit card transactions per year), you need to fill out the Annual Self-Assessment Questionnaire and have Quarterly Networks Scans performed by an approved vendor.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Application Security
Top tools for testing Web application security
How to prevent HTTP response splitting
PCI DSS compliance: WAF, code review or both?
Application security careers have bright future
How to prevent anti-DNS pinning attacks
Open source application security testing tools
Java application security features and measures
Web application security testing basics
Password recovery with .NET 2.O using C#
Free load and performance testing tools

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Software Quality - Software Maintenance, Software Requirements, Software Standards
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2006 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts