PCI DSS v4.0
Securing Transactions, Safeguarding Trust: Your Shield in Payment Card Security.
Global Standard for Payment Security
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements that applies to every organization that accepts, processes, stores, or transmits credit card information, intended to ensure those organizations maintain a secure environment. Version 4.0 updates the standard to address emerging threats.
Core Security Requirements
Build and Maintain a Secure Network and Systems:
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data:
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
Maintain a Vulnerability Management Program:
- Use and regularly update antivirus software.
- Develop and maintain secure systems and applications.
Implement Strong Access Control Measures:
- Restrict access to cardholder data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
Regularly Monitor and Test Networks:
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
Maintain an Information Security Policy:
- Establish and maintain an information security policy.
Compliance Levels
Compliance levels are assigned by the number of card transactions an organization processes annually.
Validation & Penalties
Compliance validation involves self-assessment questionnaires (SAQs), external vulnerability scans, and onsite assessments by Qualified Security Assessors (QSAs). Non-compliance can result in severe fines, increased processing fees, and restrictions on card processing.
Official PCI Security Standards Council Website