The Payment Card Industry Data Security Standard (PCI DSS) must be met by all organisations (merchants and service providers) that transmit, process or store payment card data. It is a contractual obligation applied and enforced - by means of fines or other restrictions - directly by the payment providers themselves. As the cybercrime market evolves, attackers, targets and techniques do as well. The majority of data breaches still occur because basic controls are not in place, or because those that were present were not consistently implemented across an organisation. If obvious weaknesses are left exposed, chances are the attacker will exploit them. The objective of this revised practical guide is to give entities advice and tips on the entire PCI implementation process. It provides a roadmap, helping entities to navigate the broad, and sometimes confusing, PCI DSS v2, and shows them how to build and maintain a sustainable PCI compliance programme. This latest revision also includes increased guidance on how to ensure your compliance programme is 'sustainable' and has been based on real-life scenarios, which should help to ensure your PCI compliance programme remains compliant.
Although the guide starts with sections on why and what is PCI, it is not intended to replace the 'publicly available' PCI information. This book looks to serve those who have been given the responsibility of PCI, and does not attempt to provide all the answers. It should be read, absorbed and digested only with a good helping of other PCI 'publicly available' information. In other words, it will help an organisation or individual, get started, and hopefully furnish the reader with enough of the fundamental basics to create, design and build the organisation's own PCI compliance framework.