PCI Compliance Portal
The Payment Card Industry (PCI) Data Security Standard (DSS) was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, to help ensure the security of cardholder data and information at the point of sale (POS), in transit over data networks, and at rest (databases, spreadsheets, paper documents). PCI DSS is a contractual obligation, not a law. Merchants take on the obligation to abide by PCI DSS through the terms of their merchant agreement with the acquiring entity that clears their credit card transactions. PCI DSS requirements also apply to businesses that provide services merchants use to facilitate card transactions. These services range from hosting websites used in eCommerce to acting as a transaction clearing processor between the merchant and an acquiring bank. These "Service Providers" must also demonstrate PCI DSS compliance.


PCI Security Standards Council (Home Page)

PCI DSS Documents (Landing Page)

PCI DSS v2.0

     -PCI DSS Quick Reference Guide


Info Documents

PCI DSS Cloud Computing Guidelines

PCI DSS Virtualization Guidelines

               -VMware Compliance Checker for PCI (On VMware Website)

Mobile Payment Acceptance Security Guidelines for Merchants v1.0

Overview of the PCI DSS Wireless Guideline

Overview of the PCI SSC Skimming Prevention: Best Practices for Merchants

PCI Data Storage Do's and Don'ts

Protecting Telephone-based Payment Card Data

PCI DSS 2.0 Risk Assessment Guidelines

Requirement 11.3 Penetration Testing v1.2

Requirement 6.6 Application Reviews and Web Application Firewalls Clarified v1.2

SAQs and More

PCI DSS Self-Assessment Questionnaire (SAQ)

PIN Transaction Security (PTS)

    *Approved PIN Transaction Security (Approved Devices)

Payment Application Data Security Standard (PA-DSS)

          *List of Validated Payment Applications

Qualified Security Assessors (QSAs) / Approved Scanning Vendors (ASVs)

Other PCI Related Links

PCI DSS News Treasury Institute for Higher Education


CISP Procedures/Documents "If Compromised"

VISA Best Practices for Tokenization Version 1.0

MasterCard SDP Program USA

American Express - Merchant Data Security

Discover Information Security & Compliance (DISC)
