Knowledge (XXG)

Payment Card Industry Data Security Standard


, but the laws of some states refer to PCI DSS directly or make equivalent provisions. Legal scholars Edward Morse and Vasant Raval have said that by enshrining PCI DSS compliance in legislation, card networks reallocated the cost of fraud from card issuers to merchants. In 2007, Minnesota enacted a law prohibiting the retention of some types of payment-card data more than 48 hours after authorization of a transaction. Nevada incorporated the standard into state law two years later, requiring compliance by merchants doing business in that state with the current PCI DSS and shielding compliant entities from liability. The Nevada law also allows merchants to avoid liability by other approved security standards. In 2010,

(ISA) is an individual who has earned a certificate from the PCI Security Standards Council for their sponsoring organization, and can conduct PCI self-assessments for their organization. The ISA program was designed to help Level 2 merchants meet Mastercard compliance validation requirements. ISA certification empowers an individual to conduct an appraisal of his or her association and propose security solutions and controls for PCI DSS compliance. ISAs are in charge of cooperation and participation with QSAs.
governing entity which mandates the evolution and development of the PCI DSS. Independent private organizations can participate in PCI development after they register. Each participating organization joins a SIG (Special Interest Group) and contributes to activities mandated by the group. The following versions of the PCI DSS have been made available:
, GLBA, the credit-card industry's PCI, the various disclosure laws, the European Data Protection Act, whatever—has been the best stick the industry has found to beat companies over the head with. And it works. Regulation forces companies to take security more seriously, and sells more products and services.
The intentions of each were roughly similar: to create an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process, and transmit cardholder data. To address interoperability problems among the existing standards, the combined
The McCombs assert that the PCI system is less a system for securing customer card data than a system for raking in profits for the card companies via fines and penalties. Visa and MasterCard impose fines on merchants even when there is no fraud loss at all, simply because the fines are "profitable
require merchants and service providers to be validated according to the PCI DSS; Visa also offers a Technology Innovation Program (TIP), an alternative program which allows qualified merchants to discontinue the annual PCI DSS validation assessment. Merchants are eligible if they take alternative
The Payment Card Industry Security Standards Council (PCI SSC) was then formed, and these companies aligned their policies to create the PCI DSS. MasterCard, American Express, Visa, JCB International and Discover Financial Services established the PCI SSC in September 2006 as an administrative and
Compliance validation is required only for level 1 to 3 merchants and may be optional for Level 4, depending on the card brand and acquirer. According to Visa's compliance validation details for merchants, level-4 merchant compliance-validation requirements ("Merchants processing less than 20,000
The PCI DSS Self-Assessment Questionnaire (SAQ) is a validation tool intended for small to medium sized merchants and service providers to assess their own PCI DSS compliance status. There are multiple types of SAQ, each with a different length depending on the entity type and payment model used.
A Report on Compliance (ROC) is conducted by a PCI Qualified Security Assessor (QSA) and is intended to provide independent validation of an entity's compliance with the PCI DSS standard. A completed ROC results in two documents: a ROC Reporting Template populated with detailed explanation of the
to allow compliance to be demonstrated with representative systems and processes. It is the responsibility of the merchant and service provider to achieve, demonstrate, and maintain compliance throughout the annual validation-and-assessment cycle across all systems and processes. A breakdown in
are very expensive to implement, confusing to comply with, and ultimately subjective, both in their interpretation and in their enforcement. It is often stated that there are only twelve "Requirements" for PCI compliance. In fact there are over 220 sub-requirements; some of which can place an
merchant and service-provider compliance with the written standard may have been responsible for the breaches; Hannaford Brothers received its PCI DSS compliance validation one day after it had been made aware of a two-month-long compromise of its internal systems.
Compliance validation involves the evaluation and confirmation that the security controls and procedures have been implemented according to the PCI DSS. Validation occurs through an annual assessment, either by an external entity, or by self-assessment.
blend ... specificity and high-level concepts stakeholders the opportunity and flexibility to work with Qualified Security Assessors (QSAs) to determine appropriate security controls within their environment that meet the intent of the PCI
(QSA) is an individual certified by the PCI Security Standards Council to validate another entity's PCI DSS compliance. QSAs must be employed and sponsored by a QSA Company, which also must be certified by the PCI Security Standards Council.
updated firewall terminology, expansion of Requirement 8 to implement multi-factor authentication (MFA), increased flexibility to demonstrate security, and targeted risk analyses to establish risk exposure operation and management
Each PCI DSS version has divided these six requirement groups differently, but the twelve requirements have not changed since the inception of the standard. Each requirement and sub-requirement is divided into three sections:
Each SAQ question has a yes-or-no answer, and any "no" response requires the entity to indicate its future implementation. As with ROCs, an attestation of compliance (AOC) based on the SAQ is also completed.
also incorporated the standard into state law. Unlike Nevada's law, entities are not required to be PCI DSS-compliant; however, compliant entities are shielded from liability in the event of a data breach.
are not required to undergo PCI DSS validation, although they must secure sensitive data in a PCI DSS-compliant manner. Acquiring banks must comply with PCI DSS and have their compliance validated with an
In a security breach, any compromised entity which was not PCI DSS-compliant at the time of the breach may be subject to additional penalties (such as fines) from card brands or acquiring banks.
Companies subject to PCI DSS standards must be PCI-compliant; how they prove and report their compliance is based on their annual number of transactions and how the transactions are processed. An
Visa chief enterprise risk officer Ellen Richey said in 2018, "No compromised entity has yet been found to be in compliance with PCI DSS at the time of a breach". However, a 2008 breach of
Although the PCI DSS must be implemented by all entities which process, store or transmit cardholder data, formal validation of PCI DSS compliance is not mandatory for all entities.
effort by the principal credit-card organizations resulted in the release of version 1.0 of PCI DSS in December 2004. PCI DSS has been implemented and followed worldwide.
Over 80 percent of payment-card compromises between 2005 and 2007 affected level-4 merchants, who handled 32 percent of all such transactions.
The PCI SSC (Payment Card Industry Security Standards Council) has released supplemental information to clarify requirements, which includes:
The PCI DSS may compel businesses to pay more attention to IT security, even if minimum standards are not enough to eradicate security problems.
testing completed, and an Attestation of Compliance (AOC) documenting that a ROC has been completed and the overall conclusion of the ROC.
Visa and Mastercard impose fines for non-compliance. Stephen and Theodora "Cissy" McComb, owners of Cisero's Ristorante and Nightclub in
Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually") are set by the
Assessments examine the compliance of merchants and service providers with the PCI DSS at a specific point in time, frequently using
The PCI Security Standards Council maintains a program to certify companies and individuals to perform assessment activities.
Guidance: Explains the purpose of the requirement and the corresponding content, which can assist in its proper definition.
(validated as PCI DSS-compliant) resulted in the compromising of one hundred million card numbers. Around that time,
or payment brand may manually place an organization into a reporting level at its discretion. Merchant levels are:
Testing: The processes and methodologies carried out by the assessor for the confirmation of proper implementation.
The PCI DSS has twelve requirements for compliance, organized into six related groups known as control objectives:
(also validated as PCI DSS-compliant) were similarly breached as a result of the allegedly-coordinated efforts of
PCI DSS requirements: Define the requirement. The PCI DSS endorsement is made when the requirement is implemented.
Validation of compliance is performed annually or quarterly with a method suited to the volume of transactions:
minor corrections designed to create more clarity and consistency among the standards and supporting documents
1527: 1338: 824: 1548: 1485: 1139:
Private Ordering in Light of the Law: Achieving Consumer Protection through Payment Card Security Measures
, and its use is mandated by the card brands. It was created to better control cardholder data and reduce
Each card issuer maintains a table of compliance levels and a table for service providers.
Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Level 3 – Between 20,000 and one million transactions, and all e-commerce merchants
Avoid vendor-supplied defaults for system passwords and other security parameters.
, were fined for a breach for which two forensics firms could not find evidence:
enhanced clarity, improved flexibility, and addressed evolving risks and threats
Protect all systems against malware, and update anti-virus software or programs.
49: 45: 1291: 507: 97: 1426: 1266: 1149:
DePaul Business & Commercial Law Journal 10, no. 2 (Winter 2012): 213-266
, testified before a U.S. Congressional subcommittee about the PCI DSS:
Navigating the PCI DSS - Understanding the Intent of the Requirements
Track and monitor access to network resources and cardholder data.
Council general manager Bob Russo responded to objections by the
Encrypt transmission of cardholder data on open, public networks.
Compliance with PCI DSS is not required by federal law in the
In version 3.2.1 of the PCI DSS, the twelve requirements are:
Information Supplement: Requirement 11.3 Penetration Testing
The major card brands had five different security programs:
Maintain an information security policy which addresses
Set of security requirements for credit card processors
Identify and authenticate access to system components.
Develop and maintain secure systems and applications.
The lifecycle for Changes to the PCI DSS and PA-DSS
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard used to handle credit cards from major card brands. The standard is administered by the Payment Card Industry Security Standards Council

Self-assessment questionnaire (SAQ)
Firm-specific Internal Security Assessor (ISA)
External Qualified Security Assessor (QSA)

History

Visa's Cardholder Information Security Program
Mastercard's Site Data Protection
American Express's Data Security Operating Policy
Discover's Information Security and Compliance
JCB's Data Security Program

Version | Date | Notes
1.0 | December 15, 2004 |
1.1 | September 2006 | clarification and minor revisions
1.2 | October 2008 |
1.2.1 | July 2009 |
2.0 | October 2010 |
3.0 | November 2013 | active from January 1, 2014 to June 30, 2015
3.1 | April 2015 | retired since October 31, 2016
3.2 | April 2016 | retired since December 31, 2018
3.2.1 | May 2018 | retired since March 31, 2024
4.0 | March 2022 |

Requirements

Build and maintain a secure network and systems
Protect cardholder data
Maintain a vulnerability management program
Implement strong access-control measures
Regularly monitor and test networks
Maintain an information security policy

Install and maintain a firewall system to protect cardholder data.
Protect stored cardholder data.
Restrict access to cardholder data by business need to know.
Restrict physical access to cardholder data.
Regularly test security systems and processes.

Updates and supplemental information

PCI DSS Wireless Guidelines
PCI DSS Applicability in an EMV Environment
Prioritized Approach for PCI DSS
Prioritized Approach Tool
PCI DSS Quick Reference Guide
PCI DSS Virtualization Guidelines
PCI DSS Tokenization Guidelines
PCI DSS 2.0 Risk Assessment Guidelines
Guidance for PCI DSS Scoping and Segmentation
PCI DSS v4.0 Resource Hub

Reporting levels

Level 1 – Over six million transactions annually
Level 2 – Between one and six million transactions
Level 4 – Less than 20,000 transactions

precautions against fraud, such as the use of EMV or point-to-point encryption.

to them," the McCombs say.

incredible burden on a retailer and many of which are subject to interpretation.


Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.
