This page tries to capture the sites and links that can help organisations gather the information they need to understand the Payment Card Industry Data Security Standard.
Update in progress – 19th May 2020
PCI DSS Version 3.2.1 Documents
- Tokenization Product Security Guidelines – Irreversible and Reversible Tokens
- Penetration Testing Guidance
- The Prioritized Approach to Pursue PCI DSS Compliance
Other recent PCI DSS Documents
- PCI Security Standards Council publishes third-party security assurance guidance
- PCI Mobile Payment Acceptance Security Guidelines
- PCI DSS Cloud Computing Guidelines Information Supplement
- PCI DSS Risk Assessment Guidelines Information Supplement
- PCI DSS E-commerce Guidelines Information Supplement
- PCI Mobile Payment Acceptance Security Guidelines Information Supplement
- PCI DSS ATM Security Guidelines Information Supplement
PCI (DSS, PA, SSF, P2PE, SSC) Reference sites and documents
- Payment Card Industry official standards website
- PCI DSS Overview
- List of QSA Companies. Qualified Security Advisors (QSA) have been tested by the PCI SSC and have appropriate indemnity insurances to cover their work and the countries they work in.
- Verify a QSA Employee. Is the QSA actually certified for the work you want them to undertake? Find out by using the link.
- Approved Scanning Vendors (ASVs) are organizations that validate adherence to certain DSS requirements by performing vulnerability scans of Internet-facing environments of merchants and service providers.
- Qualification Requirements For Approved Scanning Vendors (ASV)
- PCI DSS WiFi and Bluetooth Information Supplement
- PIN Transaction Security (PTS) Hardware Security Module (HSM) Security Requirements
- Accepting Mobile Payments with a Smartphone or Tablet
PCI SSC QIR Program
- PCI Standards Council update on PA-DSS and mobile acceptance applications
- PA-DSS and Mobile Applications FAQs
Point to Point Encryption (P2PE) Resources
- PCI SSC Payment Card Industry (PCI) Point-to-Point Encryption Glossary
- PCI Point to Point Encryption Hardware Solution Requirements. Initial Release
- P2PE QSA Qualification Requirements
Software Standards Framework (SSF)
- Secure Software Program Guide v1.0 – Jun 2019
- Secure SLC Program Guide v1.0 – Jun 2019
- Glossary of Terms, Abbreviations, and Acronyms v1.0 – Jan 2019
Webinars
Call Centres, Call Recording and PCI DSS
- Protecting Telephone-based Payment Card Data. A 12-page PCI Council Information Supplement that is an essential read for anyone who takes credit card payments over the phone.
- Protecting Telephone-based Payment Card Data v3
- Call Centre Security and PCI
PCI Blogs
Industry Sites
- Financial Fraud Action
- Be Card Smart
- Identity Theft Org
- Bank Safe Online
- UK Card Association
- Contactless Card
- UK Payments Administration
- Irish Payment Service Organisation
- Cheque and Credit
- Glossary
- Metropolitan Police Fraud Page
If you see a broken link, notice something missing, or think something needs to be added, please tell me.
08/06/2012 at 5:18 pm
Cloud computing, virtualization, and other technologies are perfectly acceptable as long as your systems are properly configured and satisfy the PCI DSS requirements. It’s not about the technology, it’s about the configuration, written agreements, and scope. Thank you for the link to PCIAnswers.com!
25/01/2012 at 4:25 am
Hi Brian
I am going to develop a PCI DSS Compliance project which will be helpful for the banks to control their merchants who handle credit cards. My project takes care of:
- Merchant’s SAQ Compliance
- Merchant’s PCI Level
- Merchant’s scan status and scan
- Merchant Validation
- Acquirer (banks) can view all the merchant details
- and a few more options
My question is: to develop a project, should I get any confirmation from the PCI DSS organisation? Please clarify my doubt. If anyone answers my question, I will be grateful to you.
Regards
Raj Gna
Email: littlegroup555@gmail.com