PCI DSS

This page tries to capture the sites and links that can help organisations gather the information they need to understand the Payment Card Industry Data Security Standards.

PCI (DSS, PA/SSF, P2PE, PIN, 3DS, SSC, ABC, XYZ) Reference sites, documents and articles

Weak Enforcement and Low Compliance in PCI DSS: A Comparative Security Study
PCI DSS v4.0.1
PCI DSS Document library
Integrating Artificial Intelligence into PCI Assessments
New Information Supplement: Payment Page Security and Preventing E-Skimming
FAQ Clarifies New SAQ A Eligibility Criteria for E-Commerce Merchants
PCI DSS v4.0.1 Requirements and Testing Procedures
Payment Card Industry official standards website
PCI DSS Overview
The Ultimate Guide to PCI DSS v4.0
PCI DSS v4.0 | Hitchhiker’s Guide to v4.0
PCI PIN Security Requirements
List of QSA Companies. Qualified Security Advisors (QSA) have been tested by the PCI SSC and have appropriate indemnity insurance to cover their work and the countries they work in.
Verify a QSA Employee. Is the QSA actually certified for the work you want them to undertake? Find out by using the link.
Approved Scanning Vendors (ASVs) are organizations that validate adherence to certain DSS requirements by performing vulnerability scans of Internet-facing environments of merchants and service providers
Approved Payment Forensics Investigators (PFI)
PCI SSC – Glossary of Payment and Information Security Terms

Industry Sites

Articles and Research

If you see a broken link, notice something missing, or think something needs to be added please tell me.

Rate this:

56 responses to “PCI DSS”

A Cybersecurity Glossary with explanations of the terms and abbreviations – Brian Pennington

10/07/2024

[…] PCI DSS […]

LikeLike

Reply
VMware guides that will help you with your complaince efforts | Brian Pennington

22/08/2014

[…] PCI DSS Resources […]

LikeLike

Reply
PCI Security Standards Council publishes third-party security assurance guidance | Brian Pennington

08/08/2014

[…] PCI DSS Resources […]

LikeLike

Reply
PCI Security Standards Council publishes card production security requirements | Brian Pennington

09/05/2013

[…] PCI DSS Resources […]

LikeLike

Reply
Sometimes it is a good idea to have in-house skills | Brian Pennington

20/03/2013

[…] PCI DSS Resources […]

LikeLike

Reply
Merchant sues VISA. Biting the hand that feeds you? | Brian Pennington

18/03/2013

[…] PCI DSS Resources […]

LikeLike

Reply
Lack of guidance on BYOD raises data protection concerns | Brian Pennington

08/03/2013

[…] PCI DSS Resources […]

LikeLike

Reply
PCI SSC releases guidance for merchants on mobile payment acceptance security « Brian Pennington

14/02/2013

[…] PCI DSS Resources […]

LikeLike

Reply
PCI SSC releases PCI DSS Cloud Computing Guidelines « Brian Pennington

07/02/2013

[…] PCI DSS Resources […]

LikeLike

Reply
PCI SSC releases its PCI DSS E-commerce Security Guidelines « Brian Pennington

01/02/2013

[…] PCI DSS Resources […]

LikeLike

Reply
PCI SSC releases its Best practices to help prevent card data compromise at ATMs « Brian Pennington

31/01/2013

[…] PCI DSS Resources […]

LikeLike

Reply
Want to be PCI DSS compliant? Here are 5 mistakes to avoid. « Brian Pennington

09/01/2013

[…] PCI DSS Resources […]

LikeLike

Reply
Want to be PCI DSS compliant? Here are 5 mistakes to avoid. « Brian Pennington

09/01/2013

[…] PCI DSS Resources […]

LikeLike

Reply
PCI SSC’s insights on mobile, encryption and payment security following the North American community meeting « Brian Pennington

19/09/2012

[…] Pennington HomeAbout Brian PenningtonPCI DSS Resources « Data Protection Advice for schools and just about […]

LikeLike

Reply
Feedback requested from PCI community on best practices to help prevent card data compromise at ATMs « Brian Pennington

15/09/2012

[…] Pennington HomeAbout Brian PenningtonPCI DSS Resources « PCI Security Standards Council releases best practices for mobile […]

LikeLike

Reply
PCI Security Standards Council releases best practices for mobile software developers « Brian Pennington

14/09/2012

[…] Pennington HomeAbout Brian PenningtonPCI DSS Resources « The average cost of a breach event is $7.2 million or $214 per […]

LikeLike

Reply
The average cost of a breach event is $7.2 million or $214 per compromised record « Brian Pennington

13/09/2012

[…] Pennington HomeAbout Brian PenningtonPCI DSS Resources « Almost 50% of organizations report 10 or more significant data breaches […]

LikeLike

Reply
PCI Security Standard Council releases summary of feedback on PCI standards « Brian Pennington

09/09/2012

[…] Pennington HomeAbout Brian PenningtonPCI DSS Resources « Advance malware threats are growing at an […]

LikeLike

Reply
65% of businesses do not protect their customers’ private data « Brian Pennington

24/08/2012

[…] Pennington HomeAbout Brian PenningtonPCI DSS Resources « Counting the cost of e-crime to retailers. Actually it’s £205.4 million […]

LikeLike

Reply
PCI Security Standards Council’s Qualified Integrators and Resellers program is now live « Brian Pennington

15/08/2012

[…] Pennington HomeAboutPCI DSS Resources « Who is responsible for data protection in […]

LikeLike

Reply
The Information Commissioner’s 5 Tips on how to better protect personal information « Brian Pennington

08/08/2012

[…] Pennington HomeAboutPCI DSS Resources « Torbay Care Trust (NHS) fined £175,000 for breaching the Data […]

LikeLike

Reply
PCI Security Standards Council Internal Security Assessor (ISA) training now available as an eLearning course « Brian Pennington

03/08/2012

[…] Pennington HomeAboutPCI DSS Resources « Information Commissioners reaction to Google and their retention of Street […]

LikeLike

Reply
Criminal logic; follow the money and find easy targets « Brian Pennington

16/07/2012

[…] Pennington HomeAboutPCI DSS Resources « PCI Security Standards Council releases Point-to-Point encryption […]

LikeLike

Reply
PCI Security Standards Council releases Point-to-Point encryption (p2pe) resources « Brian Pennington

29/06/2012

[…] Pennington HomeAboutPCI DSS Resources « Network Barometer Report 2012 – a Dimension […]

LikeLike

Reply
PCI Security Standards Council releases Point-to-Point encryption (p2pe) resources « Brian Pennington

29/06/2012

[…] Pennington HomeAboutPCI DSS Resources « Network Barometer Report 2012 – a Dimension […]

LikeLike

Reply
Preet

08/06/2012

Cloud computing, vizrtaliuation, and other technologies are perfectly acceptable as long as your systems are properly configured and satisfy the PCI DSS requirements. It’s not about the technology it’s about the configuration, written agreements, and scope.Thank you for the link to PCIAnswers.com!

LikeLike

Reply
Database security and SIEM are the top Risk and Compliance converns « Brian Pennington

30/05/2012

[…] Pennington HomeAboutPCI DSS Resources « Proposed European wide Data Protection Act – […]

LikeLike

Reply
Guidance for merchants on how to securely accept mobile payments « Brian Pennington

16/05/2012

[…] Pennington HomeAboutPCI DSS Resources « The good old fashion way to breach the Data Protection Act – lose […]

LikeLike

Reply
76% of Credit Card Breaches result from third party system support, development and/or maintenance. | The World According to…

11/05/2012

[…] applications into merchant environments in a manner that supports PCI DSS compliance. The PCI SSC will maintain a global list of QIRs, ensuring merchants a trusted resource for selecting PCI […]

LikeLike

Reply
PCI Security Standards Council announces qualified integrators and resellers certification program « Brian Pennington

10/05/2012

[…] Pennington HomeAboutPCI DSS Resources « UK Fraud […]

LikeLike

Reply
PCI Point-to-Point Encryption Solution Requirements and Testing Procedures v1.1 « Brian Pennington

27/04/2012

[…] Pennington HomeAboutPCI DSS Resources « The PCI SSC has opened its registration for the 2012 PCI […]

LikeLike

Reply
The PCI SSC has opened its registration for the 2012 PCI Community Meetings « Brian Pennington

11/04/2012

[…] Pennington HomeAboutPCI DSS Resources « 2012 Application Security Gap Study: A Survey of IT Security […]

LikeLike

Reply
2012 Application Security Gap Study: A Survey of IT Security & Developers « Brian Pennington

29/03/2012

[…] Pennington HomeAboutPCI DSS Resources « PCI Security Standards Council pushing for feedback as window starts […]

LikeLike

Reply
PCI Security Standards Council pushing for feedback as window starts to close « Brian Pennington

28/03/2012

[…] Pennington HomeAboutPCI DSS Resources « 2,000 lost Medical Records leads to an investigation by the […]

LikeLike

Reply
Verizon 2012 Data Breach Investigation Report – a summary « Brian Pennington

27/03/2012

[…] Pennington HomeAboutPCI DSS Resources « UK Card Fraud losses fall because of technology and […]

LikeLike

Reply
UK Card Fraud losses fall because of technology and risk awareness « Brian Pennington

26/03/2012

[…] Pennington HomeAboutPCI DSS Resources « RSA’s March Online […]

LikeLike

Reply
03/26/2012: Facebook, PCI Security Standards Council (PCI SSC), AcceptEmail | SociallyPay

26/03/2012

[…] The PCI Security Standards Council (PCI SSC) is participating in a Congressional hearing titled “The Future of Money: How Mobile Payments Could Change Financial Services,” held by the Subcommittee on Financial Institutions and Consumer Credit. […]

LikeLike

Reply
PCI Security Standards Council continues focus on mobile payment acceptance security « Brian Pennington

23/03/2012

[…] Pennington HomeAboutPCI DSS Resources « Police fined by the Information Commissioner. If the Police can lose sensitive that […]

LikeLike

Reply
Page not found « Brian Pennington

23/03/2012

[…] Brian Pennington HomeAboutPCI DSS Resources […]

LikeLike

Reply
PCI SSC announces formal training in Europe (London) « Brian Pennington

21/02/2012

[…] Pennington HomeAboutPCI DSS Resources « Is the Information Commissioner having a purge […]

LikeLike

Reply
PCI Security Standards Council invites payments community to input on PIN Transaction Security « Brian Pennington

08/02/2012

[…] Pennington HomeAboutPCI DSS Resources « PayPal, Payments […]

LikeLike

Reply
PayPal, Payments and PCI « Brian Pennington

07/02/2012

[…] Pennington HomeAboutPCI DSS Resources « E*Trade Securities Ltd falls foul of the ICO after losing […]

LikeLike

Reply
Raj Gna

25/01/2012

Hi Brian

I am going to develop a PCI DSS Complaince project which will be helpful for the Banks to control their merchants who handles the Credit cards. My project takes care of

– Merchant’s SAQ Compliance
– Merchant’s PCI Level
-Merchant’s scan status and scan
-Merchant Validation
-Acquirer (Banks) can view all the merchant details
– and few more options

My question is: To develop a project, should I get any confirmation from PCI DSS Organisation? Please clarify my doubt. If anyone answer my question, I will be grateful to you

Regards
Raj Gna
Email: littlegroup555@gmail.com

LikeLike

Reply
Security is still the biggest technology challenge for retailers « Brian Pennington

10/01/2012

[…] Pennington HomeAboutPCI DSS Resources « Data Security Survey to gauge organisations’ perception of their own […]

LikeLike

Reply
Eight Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder Data « Brian Pennington

03/01/2012

[…] Pennington HomeAboutPCI DSS Resources « 7 experts predict the IT security and compliance issues and trends of 2012 Data […]

LikeLike

Reply
Tokenization for Dummies a Free eBook « Brian Pennington

19/12/2011

[…] Pennington HomeAboutPCI DSS Resources « Illicit access of medical records leads to a breach of the Data […]

LikeLike

Reply
Last chance to review your PCI readiness before the holiday season « Brian Pennington

12/12/2011

[…] Pennington HomeAboutPCI DSS Resources « RSA’s November Online […]

LikeLike

Reply
Only 21% of merchants were compliant and other startling PCI DSS facts from the coal face « Brian Pennington

11/11/2011

[…] Pennington HomeAboutPCI DSS Resources « Gambling takes on a new meaning when someone steals your […]

LikeLike

Reply
Merchants are more concerned about their brand than PCI fines « Brian Pennington

12/09/2011

[…] Pennington HomeAboutPCI DSS Resources « Five Ways to Fall Victim to Credit […]

LikeLike

Reply
PCI DSS – updated guidelines for WiFi and new guidance on Bluetooth « Brian Pennington

01/09/2011

[…] Pennington HomeAboutPCI DSS Resources « Information rights should be embedded in schools, […]

LikeLike

Reply
25% of Mobile Network Operators are not PCI DSS Compliant « Brian Pennington

25/05/2011

[…] Pennington HomeAboutPCI DSS Resources « Fraudsters steal $1.4 Billion […]

LikeLike

Reply
PCI Compliance Risks for Small Merchants and where they are failing « Brian Pennington

12/05/2011

[…] Pennington HomeAboutPCI DSS Resources « Study: Consumers’ Reaction to […]

LikeLike

Reply
Call Centre Security and PCI Compliance « Brian Pennington

12/04/2011

[…] Pennington HomeAboutPCI DSS Resources « Epsilon admits to a data breach that could […]

LikeLike

Reply
Comparison Of Cost Of Ownership Between In-House And Managed Pay « Brian Pennington

31/03/2011

[…] Pennington HomeAboutPCI DSS Resources « How to Choose a QSA […]

LikeLike

Reply
Benefits of PCI Compliance – direct and indirect « Brian Pennington

14/03/2011

[…] Pennington HomeAboutPCI DSS Resources « Cloud Computing Risk Assessment […]

LikeLike

Reply
Eight must-fix flaws prior to an application penetration test | Brian Pennington

15/02/2011

[…] Pennington A blog about IT Security & Compliance Skip to content HomeAboutPCI DSS Resources ← Wells Fargo Offers Online and Mobile Fraud […]

LikeLike

Reply

PCI DSS

Rate this:

56 responses to “PCI DSS”

Leave a reply to The average cost of a breach event is $7.2 million or $214 per compromised record « Brian Pennington Cancel reply