Payment Card Industry Data Security Standard (PCI DSS) 3/e

The Payment Card Industry Data Security Standard (PCI DSS) must be met by all organisations (merchants and service providers) that transmit, process or store payment card data. It is a contractual obligation applied and enforced - by means of fines or other restrictions - directly by the payment providers themselves. As the cybercrime market evolves, attackers, targets and techniques do as well. The majority of data breaches still occur because basic controls are not in place, or because those that were present were not consistently implemented across an organisation. If obvious weaknesses are left exposed, chances are the attacker will exploit them. The objective of this revised practical guide is to give entities advice and tips on the entire PCI implementation process. It provides a roadmap, helping entities to navigate the broad, and sometimes confusing, PCI DSS v2, and shows them how to build and maintain a sustainable PCI compliance programme.