PCI DSS 3.0 is the third major iteration of the Payment Card Industry Data Security Standard, a set of policies and procedures administered by the Payment Card Industry Security Standards Council (PCI SSC) to ensure the security of electronic payment data and sensitive authentication data.

Notable new or updated requirements in PCI DSS 3.0 include methodology-based penetration testing to verify the methods used to segment the merchant cardholder data environment (CDE) from other IT infrastructure; an inventory of all hardware and software components within the cardholder data environment; documentation detailing which requirements are managed by third-party vendors vs. which are managed by the organization itself; antimalware detection and remediation processes for systems considered to be not commonly affected by malicious software; physical access controls for onsite personnel; and methods to protect payment data-capture devices from tampering and substitution.

PCI DSS is updated on a three-year cycle; the previous revision was PCI DSS 2.0, released in 2010. The next major revision to the standard is expected to be released in 2016. The standard, created by the major credit card companies in 2004 to foster widespread adoption of consistent data security practices throughout the payment processing ecosystem, consists of introductory information outlining the purpose and scope of the standard; 12 requirements and their associated sub-requirements; and four appendices outlining additional compliance guidance for various special circumstances.

Contributor(s): Eric B. Parizo
This was last updated in November 2013
Posted by: Margaret Rouse
