Everand Logo

Welcome to Everand!

  • Discover millions of ebooks, audiobooks, and so much more with a free trial

    Only $11.99/month after trial. Cancel anytime.

    PCI DSS: A pocket guide, sixth edition
    PCI DSS: A pocket guide, sixth edition
    PCI DSS: A pocket guide, sixth edition
    Ebook67 pages36 minutes

    PCI DSS: A pocket guide, sixth edition

    By Alan Calder and Geraint Williams

    ()

    Read preview

    About this ebook

    An ideal introduction to PCI DSS v3.2.1

    All businesses that accept payment cards are prey for criminal hackers trying to steal financial information and commit identity fraud. The PCI DSS (Payment Card Industry Data Security Standard) exists to ensure that businesses process credit and debit card payments in a way that effectively protects cardholder data.

    All organisations that accept, store, transmit or process cardholder data must comply with the Standard; failure to do so can have serious consequences and expensive repercussions. These range from customer desertion and brand damage to significant financial penalties and operating restrictions imposed by their acquiring bank.

    Covering PCI DSS v3.2.1, this handy pocket guide provides all the information you need to consider as you approach the Standard. It is also an ideal training resource for those in your organisation involved with payment card processing. Topics include:

    • An overview of PCI DSS v3.2.1
    • How to comply with the requirements of the Standard
    • Maintaining compliance
    • The PCI SAQ (self-assessment questionnaire)
    • The PCI DSS and ISO 27001
    • Procedures and qualifications
    • An overview of the PA-DSS (Payment Application Data Security Standard)
    • PTS (PIN Transaction Security)
    • Software-based PIN entry

    Buy your copy of this quick-reference guide to PCI DSS v3.2.1 today!

    About the authors

    Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd.

    Alan is an acknowledged international cyber security guru. He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.

    Geraint Williams is the CISO for the GRC International Group of companies, and a knowledgeable and experienced senior information security consultant and former PCI QSA, with a strong technical background and experience in the PCI DSS and security testing.

    Geraint has provided consultancy on implementing the PCI DSS, and has conducted audits for a wide range of merchants and service providers as well as penetration testing and vulnerability assessments for clients. He has broad technical knowledge of security and IT infrastructure, including high-performance computing and Cloud computing. His certifications include CISSP® and PCIP.

    LanguageEnglish
    Publisheritgovernance
    Release dateSep 5, 2019
    ISBN9781787781641
    PCI DSS: A pocket guide, sixth edition
    Author

    Alan Calder

    Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.

    Read more from Alan Calder

    Related to PCI DSS

    Related ebooks

    Computers For You

    View More
    View More

    Related podcast episodes

    Related articles

    • Article

      Cyber Security IS A SHARED RESPONSIBILITY AT THE C-LEVEL

      Sep 21, 2016

      Data breaches can have far-reaching repercussions; protecting against them is a companywide mandate

      2 min read

    • Article

      Staying Safe In The Cloud

      Jul 22, 2019

      Staying Safe In The Cloud
      4 min read

    • Article

      Managing the Risks of Digital Lending

      Feb 18, 2022

      TECHNOLOGY HAS BEEN the crux of the Indian banking system and the advent of Covid-19 has fuelled the shift of business models from ‘physical’ to ‘digital’. The journey of innovation, which started with internet banking and digital means of payments,

      6 min read

    • Article

      PhonePe: Life Beyond UPI

      Dec 10, 2020

      PhonePe: Life Beyond UPI
      5 min read

    • Article

      Protect Yourself Against New ID-Theft Schemes

      May 24, 2021

      Throughout the past decade, consumers have been rocked by one massive data breach after another. Some 500 million Yahoo users were hit by a 2014 data breach that compromised e-mail addresses, passwords and other information. The 2017 hack of credit b

      11 min read

    • Article

      Privacy: The Price Of Trust

      Aug 17, 2021

      How will cybersecurity and data privacy evolve over the next decade? We’re hearing from our customers that cybersecurity and data privacy are increasingly becoming board-level conversations. Companies will start to think about privacy, security, vend

      1 min read

    • Article

      Securing The System

      May 28, 2018

      Securing The System
      3 min read

    • Article

      “Misstating The Facts As You Know Them On Legal Documents Is A Whole Other World Of Pain”

      Apr 6, 2023

      At the beginning of this year, Bloomberg reported that a “Class-Action Wave Is Coming” (pcpro.link/344bloom). The article called out the rise in environment, social and governance-related cases, citing the hardening of corporate disclosure requiremen

      5 min read

    • Article

      Web App Security

      Jun 29, 2021

      Web App Security
      8 min read

    • Article

      MAKING Defi and NFT Platforms MORE SECURE

      Nov 1, 2021

      QuillHash is a blockchain studio based in India and leads the adoption of blockchain technology worldwide. It offers private and public blockchain platform solutions, blockchain security audits, smart contracts development, and tokenization solutions

      4 min read

    Related categories

    Reviews for PCI DSS

    0 ratings

    0 ratings0 reviews

    What did you think?

    Tap to rate

    Review must be at least 10 words

      Book preview

      PCI DSS - Alan Calder

      PCI DSS

      A pocket guide

      Sixth edition

      PCI DSS

      A pocket guide

      Sixth edition

      ALAN CALDER

      GERAINT WILLIAMS

      Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publishers and the authors cannot accept responsibility for any errors or omissions, however caused. Any opinions expressed in this book are those of the authors, not the publisher. Websites identified are for reference only, not endorsement, and any website visits are at the reader’s own risk. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the authors.

      Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publishers at the following address:

      IT Governance Publishing Ltd

      Unit 3, Clive Court

      Bartholomew’s Walk

      Cambridgeshire Business Park

      Ely, Cambridgeshire

      CB7 4EA

      United Kingdom

      www.itgovernancepublishing.co.uk

      © Alan Calder and Nicki Carter 2008, 2011, Alan Calder and Geraint Williams 2013, 2015, 2016, 2019.

      The authors have asserted the rights of the authors under the Copyright, Designs and Patents Act, 1988, to be identified as the authors of this work.

      First published in the United Kingdom in 2008 by IT Governance Publishing:

      ISBN 978-1-90535-664-5

      Second edition published in 2011:

      ISBN 978-1-84928-178-2

      Third edition published in 2013:

      ISBN 978-1-84928-556-8

      Fourth edition published in 2015:

      ISBN: 978-1-84928-783-8

      Fifth edition published in 2016:

      ISBN: 978-1-84928-845-3

      Sixth edition published in 2019:

      ISBN: 978-1-78778-164-1

      FOREWORD

      All target dates for compliance with the PCI DSS have long since passed. The Standard is now on its third version, with the fourth in development with a predicted release date of Q4 2020. It is likely that v3.2.1 will be withdrawn around the end of 2021. Many organisations around the world – particularly those that fall below the top tier of payment card transaction volumes – are not yet compliant.

      There are three possible reasons for this.

      The first is that, outside a few US states, the PCI DSS has no legal status: it is not a law and does not have the force of law. Enforcement can only be carried out by contractual means, in a competitive payment card marketplace. The UK’s Information Commissioner, however, has said that compliance with the PCI DSS shows due diligence in protecting cardholder data, and has effectively imposed it as law through the threat of fines if non-compliant at the time of a breach.¹

      The second

      Enjoying the preview?
      Page 1 of 1