PCI, more precisely PCI DSS (Payment Card Industry Data Security Standard), is an industry-led security standard that sets a baseline for the security of financial data, specifically cardholder data. Compliance with PCI DSS is required of all companies that process card payments and of all companies that store, process, or transmit cardholder data and/or sensitive authentication data.
PCI DSS is concerned with two types of data: 1) cardholder data (CHD) and 2) sensitive authentication data. The key distinction lies in how each type may be handled: cardholder data can be stored, but sensitive authentication data cannot be stored.
Cardholder data (CHD)
* Primary account number (PAN) is the “defining factor for cardholder data”.
Sensitive authentication data
Completing a PCI DSS assessment is an in-depth process. The steps required are below:
PCI DSS is a security standard that applies to all companies that touch cardholder data, including Merchants and Service Providers that provide technology and services to support Merchant cardholder activities.
This course is an introduction to PCI. It covers the basics of PCI - types of entities, best practices, and the overall structure of the DSS. Once you’ve completed this course, our PCI-DSS In-Depth course goes into detail about the rules and requirements in the DSS.