The Payment Card Industry Data Security Standard (PCI DSS) details the security procedures enterprises must implement when they are dealing with financial cardholder information for credit cards, debit cards, point-of-sale (POS) cards and the like. The 12 requirements outlined in the standard, which include encryption and network security, are considered by the PCI DSS consortium to be a "bare minimum" description of the security technologies and practices needed to protect sensitive cardholder data.
Because the 12 requirements are quite varied and complex, PCI DSS compliance can be a daunting task for any company. Solution providers must be able to interpret PCI regulations and assist customers in any and every aspect of the PCI DSS compliance process.
To assist with this process, we've compiled a PCI compliance guide of our best PCI DSS-related content into a PCI compliance guide, which can be used as a PCI resource to keep you up to date and better equipped to help customers with PCI DSS compliance. Peruse through the PCI compliance guide and learn how you can become an invaluable PCI resource for your customers.
PCI compliance guide: PCI compliance overview
New to PCI DSS? Start here with a brief overview of the standard. Even if you just need a refresher before delving into the in-depth PCI content below, this is a great place to start.
The impact of PCI DSS compliance on the channel: This exclusive video presentation looks at PCI from a solution provider-specific perspective. SecurityCurve’s Ed Moyle discusses how solution provider businesses are affected by PCI DSS, both through their customers, and through their own business dealings. He also explains one part of the PCI DSS that applies only to solution providers.
PCI compliance resources
Quick reference to PCI DSS documents: Part 1 explains which PCI documents to use for understanding PCI DSS compliance, and details assessment questionnaires for determining PCI levels, attestations of compliance, training programs and more.
Quick reference to PCI DSS documents: Part 2 goes beyond basic PCI DSS assessments and reporting. Security solution providers may need to access PCI DSS documentation for emerging technologies and other standards, which are listed here.
PCI compliance checklist: This checklist outlines five of the most-common PCI DSS compliance mistakes made by solution providers. Learn what they are so you can avoid making them when working with customers.
PCI compliance services FAQ: Once you've got the most common mistakes down, take a look at our list of PCI DSS compliance services frequently asked questions. If you've ever had to find the answers to one of these questions, rest assured that you are not alone. This resource outlines the PCI levels and explains the penalties for noncompliance -- a "must-read" for any solution provider. After reading through the questions, be sure to also listen to the podcast, which goes further into the frequently asked questions.
Advanced PCI compliance
PCI compliance: Web application firewall vs. code review: Requirement 6.6 in the PCI DSS specifies the need for Web application firewalls or code review. Customers may be overwhelmed by this particular requirement, as choosing between the two options can be tricky. Being a PCI resource to aid in this decision will prove invaluable to your customers.
The PCI DSS standard is regularly updated to reflect new technologies. PCI and virtualization: Enabling VMs with PCI compliance services explains virtualization (or VMs) can be implemented in enterprises that must meet PCI DSS guidelines.
The elements of a regulatory compliance program is a video detailing a compliance program structure that will allow your customers to fit in any variety of regulations and guidelines: PCI DSS, MA 201 CMR 17, Nevada 603A and every other privacy law or legislation that may appear in the future.