PCI DSS: A pocket guide, sixth edition
By Alan Calder and Geraint Williams
About this ebook
An ideal introduction to PCI DSS v3.2.1
All businesses that accept payment cards are prey for criminal hackers trying to steal financial information and commit identity fraud. The PCI DSS (Payment Card Industry Data Security Standard) exists to ensure that businesses process credit and debit card payments in a way that effectively protects cardholder data.
All organisations that accept, store, transmit or process cardholder data must comply with the Standard; failure to do so can have serious consequences and expensive repercussions. These range from customer desertion and brand damage to significant financial penalties and operating restrictions imposed by their acquiring bank.
Covering PCI DSS v3.2.1, this handy pocket guide provides all the information you need to consider as you approach the Standard. It is also an ideal training resource for those in your organisation involved with payment card processing. Topics include:
- An overview of PCI DSS v3.2.1
- How to comply with the requirements of the Standard
- Maintaining compliance
- The PCI SAQ (self-assessment questionnaire)
- The PCI DSS and ISO 27001
- Procedures and qualifications
- An overview of the PA-DSS (Payment Application Data Security Standard)
- PTS (PIN Transaction Security)
- Software-based PIN entry
Buy your copy of this quick-reference guide to PCI DSS v3.2.1 today!
About the authors
Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd.
Alan is an acknowledged international cyber security guru. He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.
Geraint Williams is the CISO for the GRC International Group of companies, and a knowledgeable and experienced senior information security consultant and former PCI QSA, with a strong technical background and experience in the PCI DSS and security testing.
Geraint has provided consultancy on implementing the PCI DSS, and has conducted audits for a wide range of merchants and service providers as well as penetration testing and vulnerability assessments for clients. He has broad technical knowledge of security and IT infrastructure, including high-performance computing and Cloud computing. His certifications include CISSP® and PCIP.
Alan Calder
Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.
Book preview
PCI DSS
A pocket guide
Sixth edition
ALAN CALDER
GERAINT WILLIAMS
Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publishers and the authors cannot accept responsibility for any errors or omissions, however caused. Any opinions expressed in this book are those of the authors, not the publisher. Websites identified are for reference only, not endorsement, and any website visits are at the reader’s own risk. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the authors.
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publishers at the following address:
IT Governance Publishing Ltd
Unit 3, Clive Court
Bartholomew’s Walk
Cambridgeshire Business Park
Ely, Cambridgeshire
CB7 4EA
United Kingdom
www.itgovernancepublishing.co.uk
© Alan Calder and Nicki Carter 2008, 2011, Alan Calder and Geraint Williams 2013, 2015, 2016, 2019.
The authors have asserted the rights of the authors under the Copyright, Designs and Patents Act, 1988, to be identified as the authors of this work.
First published in the United Kingdom in 2008 by IT Governance Publishing:
ISBN 978-1-90535-664-5
Second edition published in 2011:
ISBN 978-1-84928-178-2
Third edition published in 2013:
ISBN 978-1-84928-556-8
Fourth edition published in 2015:
ISBN 978-1-84928-783-8
Fifth edition published in 2016:
ISBN 978-1-84928-845-3
Sixth edition published in 2019:
ISBN 978-1-78778-164-1
FOREWORD
All target dates for compliance with the PCI DSS have long since passed. The Standard is now on its third version; the fourth is in development, with a predicted release date of Q4 2020, and it is likely that v3.2.1 will be withdrawn around the end of 2021. Many organisations around the world – particularly those that fall below the top tier of payment card transaction volumes – are still not compliant.
There are three possible reasons for this.
The first is that, outside a few US states, the PCI DSS has no legal status: it is not a law and does not have the force of law. Enforcement can only be carried out by contractual means, in a competitive payment card marketplace. The UK’s Information Commissioner, however, has said that compliance with the PCI DSS shows due diligence in protecting cardholder data, and has effectively imposed it as law through the threat of fines if non-compliant at the time of a breach.¹
The second