PCI DSS requirements - high-level overview
The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data. PCI DSS applies to all entities involved in payment card processing, including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process, or transmit cardholder data (CHD) and/or sensitive authentication data (SAD). Below is a high-level overview of the 12 PCI DSS requirements.
These requirements are defined by the Payment Card Industry (PCI) Security Standards Council as part of the PCI Data Security Standard (DSS) Version 3.2. Please refer to the PCI DSS for information on testing procedures and guidance for each requirement.