This page tries to capture the sites and links that can help organisations gather the information they need to understand the Payment Card Industry Data Security Standard.
PCI DSS Version 3.0 Documents
- Tokenization Product Security Guidelines – Irreversible and Reversible Tokens
- Penetration Testing Guidance
- Understanding the SAQs for PCI DSS v3.0
- The Prioritized Approach to Pursue PCI DSS Compliance
- Prioritized Approach Tool Version 3.0 in Excel
- Template for Report on Compliance for use with PCI DSS v3.0
- Summary of Changes from Template for Report on Compliance for use with PCI DSS v3.0 – Version 1.0 to 1.1
- Frequently Asked Questions for use with ROC Reporting Template for PCI DSS v3.0
- Payment Application Data Security Standard (PA-DSS) v3.0 Program Guide
- Payment Application Data Security Template for Report on Validation (ROV) for use with PA-DSS v3.0
- PA-DSS Attestation of Validation (v3.0)
- Self Assessment Questionnaire SAQ A version 3
- Self Assessment Questionnaire SAQ A-EP version 3
- Self Assessment Questionnaire SAQ B version 3
- Self Assessment Questionnaire SAQ B-IP version 3
- Self Assessment Questionnaire SAQ C version 3
- Self Assessment Questionnaire SAQ C-VT version 3
- Self Assessment Questionnaire SAQ D Merchant version 3
- Self Assessment Questionnaire SAQ D Service Provider version 3
- Self Assessment Questionnaire SAQ P2PE version 3
- PCI DSS Glossary of Terms, Abbreviations, and Acronyms v3.0
- PCI DSS ROC Reporting Template for v3.0
Other recent PCI DSS Documents
- Version 3 Requirements and Security Assessment Procedure
- PCI Security Standards Council publishes third-party security assurance guidance
- Summary of Changes from v2.0 to v3.0
- PCI Mobile Payment Acceptance Security Guidelines
- PCI DSS Cloud Computing Guidelines Information Supplement
- PCI DSS Risk Assessment Guidelines Information Supplement
- PCI DSS E-commerce Guidelines Information Supplement
- PCI Mobile Payment Acceptance Security Guidelines Information Supplement
- PCI DSS ATM Security Guidelines Information Supplement
PCI (DSS, PA, SSC) Reference sites and documents
- Payment Card Industry official standards website
- PCI DSS Overview
- List of QSA Companies. Qualified Security Assessors (QSAs) have been tested by the PCI SSC and carry appropriate indemnity insurance to cover their work and the countries they work in.
- Verify a QSA Employee. Is the QSA actually certified? Find out by using the link.
- Approved Scanning Vendors (ASVs) are organizations that validate adherence to certain DSS requirements by performing vulnerability scans of the Internet-facing environments of merchants and service providers.
- Qualification Requirements For Approved Scanning Vendors (ASV) December 2013
- PCI DSS WiFi and Bluetooth Information Supplement
- PIN Transaction Security (PTS) Hardware Security Module (HSM) Security Requirements
- Accepting Mobile Payments with a Smartphone or Tablet
PCI SSC QIR Program
- PCI Standards Council update on PA-DSS and mobile acceptance applications
- PA-DSS and Mobile Applications FAQs
- PA DSS Programme Guide V2.0
Point to Point Encryption (P2PE) Resources
- PCI SSC Payment Card Industry (PCI) Point-to-Point Encryption Glossary
- PCI Point to Point Encryption Hardware Solution Requirements. Initial Release
- P2PE QSA Qualification Requirements
- Point-to-Point Encryption Requirement June 2012
- PCI SAQ P2PE-HW v2.0 PDF
Webinars
- PCI Rocks on YouTube
- Pen Test FAQ: Differences between PCI DSS Requirement 6.6 and 11.3
- The Evolution of Payments on Campus
Links to the card issuers data security pages
- American Express Data Security
- Discover Information Security & Compliance (DISC)
- JCB Security Program
- MasterCard International Site Data Protection (SDP) Program
Visa International Pages
- Visa Global Web Site Locator
- Visa Canada Account Information Security (AIS)
- Visa Europe Account Information Security (AIS)
- Visa Latin America/Caribbean Account Information Security (AIS)
- Visa Southeast Asia Account Information Security (AIS)
- Visa USA Cardholder Information Security Program (CISP)
Call Centres, Call Recording and PCI DSS
- Protecting Telephone-based Payment Card Data. A 12-page PCI Council Information Supplement that is an essential read for anyone who takes credit card payments over the phone.
- Call Centre Security and PCI
PCI Blogs
Industry Sites
- Financial Fraud Action
- Be Card Smart
- Identity Theft Org
- Bank Safe Online
- UK Card Association
- Contactless Card
- UK Payments Administration
- Irish Payment Service Organisation
- Cheque and Credit
- Glossary
- Metropolitan Police Fraud Page
If you see a broken link, notice something missing or think something needs to be added, please tell me.
08/06/2012 at 5:18 pm
Cloud computing, virtualization, and other technologies are perfectly acceptable as long as your systems are properly configured and satisfy the PCI DSS requirements. It’s not about the technology, it’s about the configuration, written agreements, and scope. Thank you for the link to PCIAnswers.com!
25/01/2012 at 4:25 am
Hi Brian
I am going to develop a PCI DSS Compliance project which will be helpful for the banks to control their merchants who handle credit cards. My project takes care of:
- Merchant’s SAQ compliance
- Merchant’s PCI level
- Merchant’s scan status and scan
- Merchant validation
- Acquirers (banks) can view all the merchant details
- and a few more options
My question is: to develop a project, should I get any confirmation from the PCI DSS organisation? Please clarify my doubt. If anyone answers my question, I will be grateful to you.
Regards
Raj Gna
Email: littlegroup555@gmail.com