CHAPTER 6: HOW DO YOU COMPLY WITH THE REQUIREMENTS OF THE STANDARD?

All organisations that store, process or transmit payment card data must comply with the PCI DSS. There are two routes for demonstrating compliance: an annual on-site assessment by a Qualified Security Assessor (QSA) or Internal Security Assessor (ISA), together with four passing quarterly external network scans performed by an Approved Scanning Vendor (ASV); or completion of the appropriate Self-Assessment Questionnaire (SAQ), together with the same four passing quarterly ASV scans. Which route applies is determined by the organisation's annual transaction volume and by whether or not it has previously suffered a security breach.

The major global payment brands require that every entity – including financial institutions, merchants and service providers – that stores, processes or transmits payment card data, in every channel – including ...
