Optiv Cybersecurity Dictionary

What is PCI and PCI DSS - The Payment Card Industry Data Security Standard?

PCI compliance usually refers to the PCI Data Security Standard (DSS), which is an information security standard for organizations that handle branded credit cards from the major card companies.


The standard applies to all entities that store, process and/or transmit credit cards. It covers technical and operational practices for system components included in, or connected to, environments with cardholder data. If an organization accepts or processes payment cards, PCI DSS applies.


Requirements for PCI compliance include: having proper firewalls set up within the infrastructure, using the latest in data encryption (such as WPA and WPA2), restricting cardholder data access (electronically as well as physically), appropriately tracking and monitoring network resources and data, performing regular security checks and assessments of technologies and processes, and keeping antivirus software up to date.
