Payment Card Industry Data Security Standard

What Does Payment Card Industry Data Security Standard Mean?

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard that applies to every organization that processes, transmits or stores payment cardholder data.

The standard provides a framework of technologies and practices that must be followed to protect and secure cardholder data. The card brands require compliance with PCI DSS, and it is one of the major technical requirements of their data security compliance programs.

Techopedia Explains Payment Card Industry Data Security Standard

The PCI DSS is managed by the Payment Card Industry Security Standards Council (PCI SSC), which was founded by the major card brands. Compliance is validated through periodic external vulnerability scans of the cardholder data environment (quarterly, performed by an Approved Scanning Vendor) and an annual assessment, which, depending on the organization's transaction volume, is either an on-site audit by a Qualified Security Assessor or a Self-Assessment Questionnaire.

By complying with the PCI DSS, organizations gain more trust and business from customers. The standard also indirectly helps organizations comply with similar industry standards, improves the efficiency of their IT infrastructure and provides a basis for other security strategies. The complete set of standards can be downloaded from the website of the PCI Security Standards Council.

The standard groups its 12 requirements into six categories. The wording below follows PCI DSS versions up to 3.2.1; version 4.0 keeps the same six groups and 12 requirements but rephrases several of them (for example, Requirement 1 now covers network security controls generally rather than firewalls specifically).

  1. Build and maintain a secure network.
    • Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
    • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
  2. Protect cardholder data.
    • Requirement 3: Protect stored cardholder data.
    • Requirement 4: Encrypt cardholder data and other sensitive information before it is transmitted across open, public networks.
  3. Maintain a vulnerability management program.
    • Requirement 5: Use and regularly update anti-virus software.
    • Requirement 6: Develop and maintain secure systems and applications.
  4. Implement strong access control measures.
    • Requirement 7: Restrict access to cardholder data by business need-to-know.
    • Requirement 8: Assign a unique ID to each person with computer access.
    • Requirement 9: Restrict physical access to cardholder data.
  5. Regularly monitor and test networks.
    • Requirement 10: Track and monitor all access to network resources and cardholder data.
    • Requirement 11: Regularly test security systems and processes.
  6. Maintain an information security policy.
    • Requirement 12: Maintain a policy that addresses information security for all personnel.
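Requirement 3 is the one most often implemented directly in application code, so here is an added example (not from the Techopedia page or the PCI SSC) of what "protect stored cardholder data" means in practice: the full primary account number (PAN) is validated, shown to users only in masked form (PCI DSS permits at most the first six and last four digits to be displayed), and stored only as a keyed one-way hash plus the last four digits, while sensitive authentication data such as the CVV is never stored at all. The sample record and the hash key are constructed placeholders; a real key would come from a key-management system, not source code.

```python
import hashlib
import hmac
import re

# Constructed sample record, as it might arrive from a checkout form.
# The full PAN and the CVV are present only because this is the input
# before storage; neither may be written to disk in this form.
SAMPLE_RECORD = {
    "cardholder": "Jane Example",
    "pan": "4111 1111 1111 1111",   # well-known test card number
    "expiry": "12/29",
    "cvv": "123",
}

# Placeholder key (assumption for this example). In production the key is
# generated and held in an HSM or KMS and rotated under Requirement 3 key
# management rules; it never appears in source.
HASH_KEY = b"replace-with-a-32-byte-key-from-an-hsm"


def normalize_pan(pan: str) -> str:
    """Strip spaces and dashes and confirm the PAN is 13 to 19 digits."""
    digits = re.sub(r"[ -]", "", pan)
    if not re.fullmatch(r"\d{13,19}", digits):
        raise ValueError("PAN must be 13 to 19 digits")
    return digits


def luhn_valid(pan: str) -> bool:
    """Luhn check-digit test, the standard integrity check for a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form only: first six and last four visible, the maximum
    PCI DSS allows on screens and receipts. Not written to storage."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_reference(pan: str, key: bytes = HASH_KEY) -> str:
    """Keyed one-way hash (HMAC-SHA256) of the full PAN, usable as a
    lookup reference. Keyed, because a plain hash of a PAN whose first
    six and last four digits are known can be brute-forced over the
    remaining digits in seconds; PCI DSS v4.0 requires keyed hashes."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def prepare_for_storage(record: dict, key: bytes = HASH_KEY) -> dict:
    """Return the only fields that may be persisted from the record."""
    pan = normalize_pan(record["pan"])
    if not luhn_valid(pan):
        raise ValueError("PAN fails Luhn check")
    # Deliberately store only the last four digits next to the hash: PCI DSS
    # requires extra controls if a truncated (first six/last four) PAN and a
    # hash of the same PAN sit side by side, since they can be correlated.
    # The CVV (sensitive authentication data) is dropped entirely.
    return {
        "cardholder": record["cardholder"],
        "expiry": record["expiry"],
        "pan_last4": pan[-4:],
        "pan_ref": pan_reference(pan, key),
    }


if __name__ == "__main__":
    pan = normalize_pan(SAMPLE_RECORD["pan"])
    print("display:", mask_pan(pan))
    print("stored:", prepare_for_storage(SAMPLE_RECORD))
```

Encrypting the PAN with a reversible cipher is also acceptable under Requirement 3 where the business needs the full number back, but then the key-management controls (split knowledge, dual control, rotation, separate storage of keys and data) apply in full; the one-way hash above is the simpler option when the PAN only needs to be recognized, not recovered.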

Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.