PCI DSS resources

Protect profits by managing payment card risk

Data sheet

The Payment Card Industry Data Security Standard (PCI DSS) applies to all organisations that transmit, process or store payment card data. Although the Standard is technically complex to implement, it is based on common information security practices.

Find out how IT Governance’s approach uses the PCI DSS as a set of information security controls that can be effectively integrated within a broader cyber security framework to further reduce risk.

The PCI DSS: Challenge or opportunity?

Executive briefing

This executive briefing outlines the 12 requirements of the PCI DSS relating to the storage, transmission and processing of cardholder data. We outline the five major PCI DSS challenges faced by merchants, and based on our experience, we offer recommendations to help achieve and maintain PCI DSS compliance more effectively.

Get started with the basics of the PCI DSS by downloading this executive briefing.

Free download - PCI DSS v3.0, 3.1 and 3.2: What has changed?

Green paper

PCI DSS version 3.2 is the latest iteration of the payment security standard introduced by the Payment Card Industry Security Standards Council (PCI SSC) to safeguard the transmission and storage of payment card data.

This white paper explains the 44 changes to the Standard and the effect they might have on merchants and service providers.

The PCI DSS Self-Assessment Questionnaire (SAQ)

Information page

The PCI DSS self-assessment questionnaire (SAQ) is a validation tool for qualifying merchants and service providers that are neither required to undergo an on-site data security assessment nor submit a Report on Compliance (RoC). The purpose of the SAQ is to assist organisations in self-evaluating compliance with the PCI DSS.

This page can help you identify which SAQ you need to complete, and whether a vulnerability assessment mechanism is required.

PCI Audit Success in Nine Essential Steps

Green paper

Achieving and maintaining compliance with the PCI DSS can be a daunting process. This green paper will help organisations to effectively prepare for a PCI audit and ensure a successful audit outcome.

PCI DSS: Reducing the cardholder data environment

Green paper

When implementing the PCI DSS, it is important to define the areas of your organisation to which the Standard will apply. Reducing the cardholder data environment (CDE) can reduce the cost of implementation, but doing so can be a complex and challenging task.

This green paper will help organisations that are required to comply with the PCI DSS to reduce their CDE in order to minimise compliance costs and resources.

PCI DSS and Penetration Testing

Information page

Requirement 11 of the PCI DSS covers the need to regularly and frequently carry out tests to identify unaddressed security issues and scan for rogue wireless networks. Regular testing is fundamental to making sure an organisation is prepared for the full range of attacks that companies might have to face.

Find out which penetration test you need to identify unaddressed security issues and scan for rogue wireless networks.

Encryption for PCI DSS v3.2

Green paper

This green paper is aimed at those implementing PCI DSS v3.2 and those conducting audits to make sure an organisation is compliant. It provides some background about the issues, and explains how encryption is incorporated into the Standard and how it can be audited.

Appletree Communications Ltd: Moving beyond PCI DSS compliance

Case study

Having grown its subscription volumes beyond the transaction level required for a PCI SAQ, Appletree Communications Ltd was keen to progress to the highest level of PCI compliance as a service provider.

Find out how IT Governance helped use the opportunity to boost its credentials while extending the payment gateway and payment processing arm of the business.

Enforcement of the PCI DSS

FAQ

Concerned about the consequences of a data breach? Our FAQs answer common enforcement questions that have been sourced from the PCI DSS website.