This page tries to capture the sites and links that can help organisations gather the information they need to understand the Payment Card Industry Data Security Standard.
Recent PCI DSS Documents
- PCI Mobile Payment Acceptance Security Guidelines
- PCI DSS Cloud Computing Guidelines Information Supplement
- PCI DSS Risk Assessment Guidelines Information Supplement
- PCI DSS E-commerce Guidelines Information Supplement
- PCI Mobile Payment Acceptance Security Guidelines Information Supplement
- PCI DSS ATM Security Guidelines Information Supplement
PCI (DSS, PA, SSC) Reference sites and documents
- Payment Card Industry official standards website
- PCI DSS Overview
- PCI DSS Prioritized Approach version 2.0
- List of QSA Companies. Qualified Security Advisors (QSA) have been tested by the PCI SSC and have appropriate indemnity insurance to cover their work and the countries they work in.
- Verify a QSA Employee. Is the QSA actually certified? Find out by using the link.
- Approved Scanning Vendors (ASVs) are organizations that validate adherence to certain DSS requirements by performing vulnerability scans of Internet facing environments of merchants and service providers.
- PCI DSS WiFi and Bluetooth Information Supplement
- RoC reporting instructions for PCI DSS 2.0
- PIN Transaction Security (PTS) Hardware Security Module (HSM) Security Requirements
- Accepting Mobile Payments with a Smartphone or Tablet
PCI SSC QIR Program
- Eight Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder Data – registration required
- Information Supplement: PCI DSS Tokenization Guidelines
- Dummies Guide to Tokenization – a great starting point when looking to protect sensitive data like credit cards
- Tokenization. Taking it to the Cloud with Liaison Protect™ TaaS
- PCI Standards Council update on PA-DSS and mobile acceptance applications
- PA-DSS and Mobile Applications FAQs
- PA DSS Programme Guide V2.0
Point to Point Encryption (P2PE) Resources
- PCI SSC Payment Card Industry (PCI) Point-to-Point Encryption Glossary
- PCI Point to Point Encryption Hardware Solution Requirements. Initial Release
- P2PE QSA Qualification Requirements
- Point-to-Point Encryption Requirement June 2012
- PCI SAQ P2PE-HW v2.0 PDF
Webinars
- PCI Rocks on YouTube
- Webinar: PCI DSS 2.0; What’s Changing and How Does it Impact You?
- Webinar: Tokenisation Talk with Barclaycard, VISA Europe and nuBridges
- Webinar: Tokenization – an essential checklist for your business
Links to the card issuers data security pages
- American Express Data Security
- Discover Information Security & Compliance (DISC)
- JCB Security Program
- MasterCard International Site Data Protection (SDP) Program
Visa International Pages
- Visa Global Web Site Locator
- Visa Canada Account Information Security (AIS)
- Visa Europe Account Information Security (AIS)
- Visa Latin America/Caribbean Account Information Security (AIS)
- Visa Southeast Asia Account Information Security (AIS)
- Visa USA Cardholder Information Security Program (CISP)
Call Recording and PCI
- Barclaycard “safe and sound, processing telephone payments securely”
- How does PCI affect call centres?
- PCI Glossary from a call recording vendor
- Protecting Telephone based Payment Card Data. A 12 page PCI Council Information Supplement that is an essential read for anyone who takes credit card payments over the phone.
- Call Recording, PCI DSS & the Pitfalls
- Semafone call recording Solution
- Veritape call recording solution
- Call Centre Security and PCI
PCI Blogs
Industry Sites
- Financial Fraud Action
- Be Card Smart
- Identity Theft Org
- Bank Safe Online
- UK Card Association
- Contactless Card
- UK Payments Administration
- Irish Payment Service Organisation
- Cheque and Credit
- Glossary
- Metropolitan Police Fraud Page
If you see a broken link, noticed something missing or think something should be added please tell me.
#1 by Preet on 08/06/2012 - 5:18 pm
Cloud computing, virtualization, and other technologies are perfectly acceptable as long as your systems are properly configured and satisfy the PCI DSS requirements. It’s not about the technology; it’s about the configuration, written agreements, and scope. Thank you for the link to PCIAnswers.com!
#2 by Raj Gna on 25/01/2012 - 4:25 am
Hi Brian
I am going to develop a PCI DSS Compliance project which will be helpful for the Banks to control their merchants who handle the credit cards. My project takes care of
- Merchant’s SAQ Compliance
- Merchant’s PCI Level
- Merchant’s scan status and scan
- Merchant Validation
- Acquirer (Banks) can view all the merchant details
- and a few more options
My question is: To develop a project, should I get any confirmation from PCI DSS Organisation? Please clarify my doubt. If anyone answers my question, I will be grateful to you.
Regards
Raj Gna
Email: littlegroup555@gmail.com