PCI DSS 3.0 definition

This definition is part of our Essential Guide: PCI 3.0 special report: Reviewing the state of payment card compliance
Contributor(s): Eric B. Parizo

PCI DSS 3.0 is the third major iteration of the Payment Card Industry Data Security Standard, a set of policies and procedures administered by the Payment Card Industry Security Standards Council (PCI SSC) to ensure the security of electronic payment data and sensitive authentication data.

Notable new or updated requirements in PCI DSS 3.0 include methodology-based penetration testing to verify that the methods used to segment the merchant cardholder data environment (CDE) from other IT infrastructure are effective; an inventory of all hardware and software components within the cardholder data environment; documentation detailing which requirements are managed by third-party vendors vs. which are managed by the organization itself; antimalware detection and remediation processes for systems considered to be not commonly affected by malicious software; physical access controls for onsite personnel; and methods to protect payment data-capture devices from tampering and substitution.

PCI DSS is updated on a three-year cycle; the previous revision was PCI DSS 2.0, released in 2010. The next major revision to the standard is expected to be released in 2016. The standard, created by the major credit card companies in 2004 to foster widespread adoption of consistent data security practices throughout the payment processing ecosystem, consists of introductory information outlining the purpose and scope of the standard; 12 requirements and their associated sub-requirements; and four appendices outlining additional compliance guidance for various special circumstances.

This was first published in November 2013
