Skip Navigation
2016 PCI Compliance Standard Report

2016 PCI Compliance Standard Report


Introduction and PCI Data Security Standard OverviewThe Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitatethe broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirementsdesigned to protect account data. PCI DSS applies to all entities involved in payment card processing—including merchants, processors,acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process or transmit cardholder data (CHD) and/orsensitive authentication data (SAD). Below is a high-level overview of the 12 PCI DSS requirements.

This document, PCI Data Security Standard Requirements and Security Assessment Procedures, combines the 12 PCI DSS requirements andcorresponding testing procedures into a security assessment tool. It is designed for use during PCI DSS compliance assessments as part of anentity’s validation process. The following sections provide detailed guidelines and best practices to assist entities prepare for, conduct, and reportthe results of a PCI DSS assessment. The PCI DSS Requirements and Testing Procedures begin on page 15.

PCI DSS comprises a minimum set of requirements for protecting account data, and may be enhanced by additional controls and practices tofurther mitigate risks, as well as local, regional and sector laws and regulations. Additionally, legislation or regulatory requirements may requirespecific protection of personal information or other data elements (for example, cardholder name). PCI DSS does not supersede local or regionallaws, government regulations, or other legal requirements

Courtesy TrustWave Gloval Security Report.