{"id":7869,"date":"2022-12-08T11:45:14","date_gmt":"2022-12-08T19:45:14","guid":{"rendered":"https:\/\/cheapsslsecurity.com\/blog\/?p=7869"},"modified":"2022-12-08T13:00:42","modified_gmt":"2022-12-08T21:00:42","slug":"what-is-pci-dss-meaning-overview","status":"publish","type":"post","link":"https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/","title":{"rendered":"What Is PCI DSS? PCI Data Security Standards Meaning &#038; Overview"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">In Q3 2022, data breaches <a href=\"https:\/\/surfshark.com\/blog\/data-breach-statistics-2022-q3\">surged by 70%<\/a> compared to Q2 of the same year. How secure is your customers\u2019 credit card data? Learn what PCI DSS is and why it can be a precious ally in protecting your customers\u2019 most precious information and keeping your organization out of troubles&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In 2021, attackers stole the sensitive personal and billing-related data of <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2021\/03\/21-million-free-vpn-users-data-exposed\">21 million VPN users<\/a>. The 10GBs of stolen data were first put for sale on the dark web and then dumped on <a href=\"https:\/\/www.vpnmentor.com\/blog\/vpns-leaked-on-telegram\/\">Telegram in 2022<\/a>. Could those VPN providers have dodged this incident if they\u2019d followed the Payment Card Industry Data Security Standards (PCI DSS)? Probably.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Want to avoid seeing your organization\u2019s name <a href=\"https:\/\/www.forbes.com\/sites\/zakdoffman\/2021\/03\/01\/if-this-app-is-on-your-samsung-galaxy-huawei-xiaomi-or-google-android-phone-delete-it\/\">dragged through the mud<\/a> all over the news? PCI DSS may help you. If your organization handles customers&#8217; payment information, you should already be familiar with this industry standard. You&#8217;ve heard about it, but you don&#8217;t know exactly what it is? Now\u2019s the time to learn.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Discover in this first article of two-part series, the answers to two PCI DSS essential questions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>What is PCI DSS?<\/li>\n\n\n\n<li>Why should you, as an organization, care about it?<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Ready <a><\/a>to start your journey in the PCI world? Let\u2019s go!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Is PCI DSS?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The Payment Card Industry Data Security Standard (PCI DSS) is a series of security policies set up by the <a href=\"https:\/\/www.pcisecuritystandards.org\/\">P<\/a><a href=\"https:\/\/www.pcisecuritystandards.org\/\"><\/a><a href=\"https:\/\/www.pcisecuritystandards.org\/\">ayment <\/a>C<a href=\"https:\/\/www.pcisecuritystandards.org\/\"><\/a><a href=\"https:\/\/www.pcisecuritystandards.org\/\">ard <\/a>I<a href=\"https:\/\/www.pcisecuritystandards.org\/\"><\/a><a href=\"https:\/\/www.pcisecuritystandards.org\/\">ndustry <\/a>S<a href=\"https:\/\/www.pcisecuritystandards.org\/\"><\/a><a href=\"https:\/\/www.pcisecuritystandards.org\/\">ecurity <\/a>S<a href=\"https:\/\/www.pcisecuritystandards.org\/\"><\/a><a href=\"https:\/\/www.pcisecuritystandards.org\/\">tandards <\/a>C<a href=\"https:\/\/www.pcisecuritystandards.org\/\"><\/a><a href=\"https:\/\/www.pcisecuritystandards.org\/\">ouncil<\/a> (PCI SSC) in collaboration with the major credit card companies. Its major goal is the same as every card owner (like you and me): to keep the payment data safe (more on that in a minute).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Examples of the types of information you want to protect and secure include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cardholders\u2019 names<\/li>\n\n\n\n<li>Account numbers<\/li>\n\n\n\n<li>Service codes<\/li>\n\n\n\n<li>Card expiration dates<\/li>\n\n\n\n<li>PINs\/PIN Blocks<\/li>\n\n\n\n<li>CAV2s\/CVC3s\/CVV2s\/CIDs<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The latest update of the PCI DSS standard, version 4.0, was <a href=\"https:\/\/www.pcisecuritystandards.org\/about_us\/press_releases\/securing-the-future-of-payments-pci-ssc-publishes-pci-data-security-standard-v4-0\/\">published in March 2022<\/a> however, the <a href=\"https:\/\/www.pcisecuritystandards.org\/pdfs\/pci_ssc_quick_guide.pdf\">previous version (3.2.1<\/a>) will remain valid until the end of March 2024 to give enough time for organizations to implement any changes needed. So, <a href=\"https:\/\/listings.pcisecuritystandards.org\/documents\/PCI_DSS-QRG-v3_2_1.pdf\">PCI DSS version 3.2.1<\/a> is the one we\u2019ll cover in this article. It\u2019ll help you get a feeling of what it\u2019s all about. To ensure you get the whole picture, though, the next article of this series will look at the new version and explore the key differences between PCI DSS versions 3.2.1 and 4.0.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Who PCI DSS Applies To<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Does your organization handle (i.e., store, process, and\/or transmit) card payment data? If the answer is yes, you must be PCI DSS compliant even if you\u2019re a tiny shop. What are the requirements? PCI DSS is divided into four levels, categorizing businesses and organizations by the number of annual transactions they handle. Depending on the volume of transactions processed annually, your organization may fall in one level or another.&nbsp; The fewer transactions you make, the fewer requirements you&#8217;ll have to fulfill.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Find out at which level your organization falls by checking the table below:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>PCI DSS Levels<\/strong><\/td><td><strong>Volume of Transactions<\/strong><\/td><\/tr><tr><td>Level 1<\/td><td>More than 6 million transactions per year.<\/td><\/tr><tr><td>Level 2<\/td><td>1 to 6 million transactions per year.<\/td><\/tr><tr><td>Level 3<\/td><td>20,000 to 1 million transactions per year.<\/td><\/tr><tr><td>Level 4<\/td><td>Less than 20,000 transactions per year.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Got it? Now that the PCI DSS meaning is clear, let\u2019s find out more about the goals and requirements of PCI DSS.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The 6 Goals and 12 Requirements of PCI DSS<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The PCI DSS is organized into six security goals. To reach those goals and be PCI DSS compliant like <a href=\"https:\/\/www.verizon.com\/business\/reports\/payment-security-report\/2022\/the-state-of-pci-dss-compliance\/\">43.4% of organizations<\/a> in 2020, you\u2019ll have to satisfy 12 requirements.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Sounds complicated? No fear, we&#8217;ll make it as simple as possible. Think of it like having two interrelated checklists: to complete the first one (goals) you\u2019ll just have to tick all the points listed in the second one (requirements). Follow the points listed below <em>et voila&#8217;<\/em>, it&#8217;s done. The following goals and requirements are covered in depth in the PCI DSS v3.2.1 document we linked to earlier. Our goal here s to provide you with an overview rather than go over the entire doc with a magnifying glass.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>PCI DSS Goals<\/strong><\/td><td><strong>PCI DSS Requirements v.3.2.1<\/strong><\/td><\/tr><tr><td>1. Build and Maintain a Secure Network and Systems<\/td><td>1. Install and maintain a firewall configuration to protect cardholder data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters. &nbsp;<\/td><\/tr><tr><td>2. Protect Cardholder Data<\/td><td>3. Protect stored cardholder data. 4. Encrypt transmission of cardholder data across open, public networks.<\/td><\/tr><tr><td>3. Maintain a Vulnerability Management Program<\/td><td>5. Protect all systems against malware and regularly update anti-virus software or programs. 6. &nbsp;Develop and maintain secure systems and applications. &nbsp;<\/td><\/tr><tr><td>4. Implement Strong Access Control Measures<\/td><td>7. Restrict access to cardholder data by business need to know. 8. Identify and authenticate access to system components. 9. Restrict physical access to cardholder data.<\/td><\/tr><tr><td>5. Regularly Monitor and Test Networks<\/td><td>10. Track and monitor all access to network resources and cardholder data. 11. Regularly test security systems and processes.<\/td><\/tr><tr><td>6. Maintain an Information Security Policy<\/td><td>12. Maintain a policy that addresses information security for all personnel.<\/td><\/tr><\/tbody><\/table><figcaption class=\"wp-element-caption\">Table caption: Information is from PCI DSS v3.2.1.<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">OK, the goals are pretty straightforward. However, some requirements may look a bit complicated. Let\u2019s try to clarify them with a few examples and find out how even the smallest store can address them.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. Install and Maintain a Firewall Configuration to Protect Cardholder Data<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">In other words, ensure that access to your network is granted only to those you trust. The easiest way to do this? By installing a <a href=\"https:\/\/www.ibm.com\/docs\/en\/i\/7.1?topic=options-firewalls\">firewall<\/a>. Yup, just like in medieval times, when castles were protected by high walls to keep the enemies at bay, a firewall will enable you to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Restrict and scan incoming and outgoing network traffic.<\/li>\n\n\n\n<li>Block access to suspicious or unauthorized users\/IP addresses.<\/li>\n\n\n\n<li>Create specific rules to prevent cybercriminals from getting access to payment data.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Want to know more about how firewalls work? Check out the short video below:<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"What Is A Firewall? | Firewall Explained | Firewalls and Network Security | Simplilearn\" width=\"770\" height=\"433\" src=\"https:\/\/www.youtube.com\/embed\/9GZlVOafYTg?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">2. Do Not Use Vendor-Supplied Defaults For System Passwords and Other Security Parameters<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Default settings in software and applications are convenient, but they\u2019re a security hazard. The same can be said for cloud-based systems, where <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/a\/the-top-worry-in-cloud-security-for-2021.html\">Trend Micro reports<\/a> that 65-70% of security issues stem from misconfigurations. Want to tick this second point?<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Change all default passwords and usernames.<\/li>\n\n\n\n<li>Personalize the security settings of your applications, software, and devices (including firewalls and POS).<\/li>\n\n\n\n<li>Use <a href=\"https:\/\/pages.nist.gov\/800-63-3\/sp800-63b.html\">strong passwords<\/a> and authentication methods (e.g., <a href=\"https:\/\/cheapsslsecurity.com\/blog\/how-does-two-factor-authentication-work\/\">two-factor authentication<\/a> is good but only if you <a href=\"https:\/\/cheapsslsecurity.com\/blog\/sms-two-factor-authentication-and-why-you-shouldnt-use-it\/\">stay away from SMS-based verification methods<\/a><a href=\"https:\/\/cheapsslsecurity.com\/blog\/sms-two-factor-authentication-and-why-you-shouldnt-use-it\/\"><\/a>).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3. Protect Stored Cardholder Data<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Using firewalls and protecting your data in transit with encryption only helps so much if you don\u2019t bother securing the data when it\u2019s stored. Make cybercriminals\u2019 lives harder by protecting your customers\u2019 accounts and payment data at rest (i.e., when it\u2019s saved somewhere, like on a database). How?<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Encrypt your cardholders\u2019 data at rest using symmetric encryption and a cryptographic key.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"983\" height=\"610\" src=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/data-at-rest-encryption-overview.png\" alt=\"A diagram that provides a basic overview of how encrypting payment card data at rest works (and is part of the PCI DSS requirements)\" class=\"wp-image-7877\" srcset=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/data-at-rest-encryption-overview.png 983w, https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/data-at-rest-encryption-overview-300x186.png 300w\" sizes=\"(max-width: 983px) 100vw, 983px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: The graphic shows how data encryption can help you protect your customers\u2019 card information.<\/em><\/figcaption><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Restrict access to servers and databases by applying strict access control rules (e.g., the <a href=\"https:\/\/owasp.org\/www-community\/Access_Control\">principle of least privilege<\/a>).<\/li>\n\n\n\n<li>Protect your cryptographic keys (<a href=\"https:\/\/cheapsslsecurity.com\/blog\/private-key-and-public-key-explained\/\">public and private keys<\/a>) by implementing proper <a href=\"https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/Key_Management_Cheat_Sheet.html\">key management process<\/a>es and practices.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4. Encrypt Transmission of Cardholder Data Across Open, Public Networks<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">When your data is in transit, it\u2019s at its most vulnerable point because it can be intercepted and modified by cybercriminals. Keep payments data secure during transmission by:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Using a <a href=\"https:\/\/cheapsslsecurity.com\/blog\/what-is-a-website-security-certificate\/\">website security certificate<\/a> (i.e., SSL\/TLS certificate) issued by a trusted certification authority (CA). It\u2019ll enable you to securely exchange sensitive information like credit card data by leveraging the power of <a href=\"https:\/\/cheapsslsecurity.com\/blog\/what-is-the-rsa-algorithm-a-look-at-rsa-encryption\/\"><\/a><a href=\"https:\/\/cheapsslsecurity.com\/blog\/what-is-asymmetric-encryption-understand-with-simple-examples\/\">asymmetric encryption<\/a> and symmetric encryption to securely exchange keys and create a secure communication channel.<\/li>\n\n\n\n<li>Sending the data through the secure <a href=\"https:\/\/cheapsslsecurity.com\/blog\/your-guide-to-https-port-443-and-why-its-critical-to-security\/\">port 443<\/a> (i.e., HTTPS protocol).<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"993\" height=\"575\" src=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/http-vs-https-pci-data.png\" alt=\"A diagram that illustrates the difference between insecure connections via port 80 (HTTP) and secure connections via port 443 (HTTPS)\" class=\"wp-image-7876\" srcset=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/http-vs-https-pci-data.png 993w, https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/http-vs-https-pci-data-300x174.png 300w\" sizes=\"(max-width: 993px) 100vw, 993px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: This shows how easy it is for an attacker to view and steal your customers&#8217; credit card details when you&#8217;re using an HTTP-only connection.<\/em><\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">5. Protect All Systems Against Malware and Regularly Update Antivirus Software or Programs<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Do you have antivirus software installed? Good, but that isn\u2019t enough:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Run antivirus software on all devices (including servers) that touch your network.<\/li>\n\n\n\n<li>Regularly apply antivirus signature updates from the vendor. From January to the beginning of December 2022, AVTest identified more than <a href=\"https:\/\/portal.av-atlas.org\/malware\">93 million<\/a> new pieces of malware. Yup, bad guys never sleep!<\/li>\n\n\n\n<li>Keep your antivirus logs ready for audits just in case something goes wrong. <a href=\"https:\/\/www.g2.com\/categories\/log-analysis\">Log parsers\/analysis tools<\/a> will help you make sense of the myriads of data and give you clear and actionable insights. And many of those tools are <a href=\"https:\/\/www.g2.com\/categories\/log-analysis\/free\">free<\/a>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6. Develop and Maintain Secure Systems and Applications<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Just like your antivirus software, your other IT systems and software must always be up-to-date and secure. This includes both critical and non-critical infrastructure and resources.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If you use applications you\u2019ve developed, ensure you <a href=\"https:\/\/cheapsslsecurity.com\/blog\/a-primer-on-how-code-signing-works\/\">sign them<\/a> with a code signing certificate to assert your digital identity and help prevent tampering and malware infections.<\/li>\n\n\n\n<li>Don\u2019t allow installation of unsigned software. Use <a href=\"https:\/\/borncity.com\/win\/2022\/11\/08\/windows-11-22h2-no-longer-supports-software-restriction-policies-srp\/\">AppLocker<\/a> or <a href=\"https:\/\/learn.microsoft.com\/en-gb\/windows\/security\/threat-protection\/windows-defender-application-control\/windows-defender-application-control\">Windows Defender Application Control<\/a> to define rules that\u2019ll block the download of unsigned software. Don\u2019t use the old Software Restriction Policies feature as it\u2019s been <a href=\"https:\/\/learn.microsoft.com\/en-us\/windows\/whats-new\/deprecated-features\">deprecated by Microsoft<\/a> for certain builds.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"524\" src=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/why-block-unsigned-software-1024x524.png\" alt=\"What Is PCI DSS graphic: An illustration of how blocking unsigned software helps to protect organizations and customers against cyber attacks\" class=\"wp-image-7875\" srcset=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/why-block-unsigned-software-1024x524.png 1024w, https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/why-block-unsigned-software-300x153.png 300w, https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/why-block-unsigned-software.png 1089w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Image caption: The graphic shows how allowing users to download only code-signed software can protect you and your customers from attacks.<\/figcaption><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Regularly apply patches to address newly discovered vulnerabilities.<\/li>\n\n\n\n<li>Don\u2019t forget to update third-party components with the help of a <a href=\"https:\/\/www.cisa.gov\/sbom\">software bill of materials<\/a> (SBOM).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7. Restrict Access to Cardholder Data by Business Need-to-Know<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Would you pay with your credit card if the shops would broadcast your credit card details on a big screen? Surely not. Remember the principle of the least privilege we talked about before? It applies here, too, when granting sensitive data access privileges to employees.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Grant authorized employees and third parties access to payment details only on a business-essential basis. This principle applies to senior management as well.<\/li>\n\n\n\n<li>Create and document access policies based on roles and permissions. If someone doesn\u2019t need access for their role, don\u2019t grant it.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8. Identify and Authenticate Access to System Components<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">According to Verizon, <a href=\"https:\/\/www.verizon.com\/business\/resources\/reports\/dbir\/\">82% of data breaches analyzed in 2021<\/a><a href=\"https:\/\/www.verizon.com\/business\/resources\/reports\/dbir\/\"><\/a> were caused by human elements (i.e., <a href=\"https:\/\/cheapsslsecurity.com\/blog\/social-engineering-attacks-and-prevention-methods\/\">social engineering<\/a>, errors, or misuse).<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensure each user has a unique username and password. Or, bypass the use of passwords altogether by using passwordless authentication methods like client authentication certificates instead.<\/li>\n\n\n\n<li>Implement two-factor or multi-factor authentication.<\/li>\n\n\n\n<li>Log access activities. In the case of a cyber incident or breach, it&#8217;ll be easier to identify who did what and what has been accessed so you can better understand what may have been compromised.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9. Restrict Physical Access to Cardholder Data<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Physical security is just as important as digital security. Things get stolen or lost all the time. A few years ago, one of my former colleagues set his laptop bag on the floor of a train station for a few moments so he could blow his nose. Within seconds, the laptop was gone and was never recovered.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Are your customers\u2019 card data saved on a hard drive? If so, lock it in a secure drawer or room.<\/li>\n\n\n\n<li>Do you save cardholder data on a server in a data center? Install surveillance cameras, access with code only, and other physical security measures.<\/li>\n\n\n\n<li>Record all access so you know who comes and goes and when. Keep the logs for at least 90 days.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10. Track and Monitor All Access to Network Resources and Cardholder Data<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">In the <em>Lord of the Rings<\/em>, the eye of Sauron was able to see its enemies anywhere. Want to protect your customers\u2019 data? You need to have the same approach when it comes to having full visibility of your IT environment.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Constantly monitor your whole network with the help of a <a href=\"https:\/\/www.gartner.com\/reviews\/market\/security-information-event-management\">security information and event management (SIEM) tool<\/a>s.<\/li>\n\n\n\n<li>Log network activities and accesses involving cardholder data and <a href=\"https:\/\/www.investopedia.com\/terms\/p\/primary-account-number-pan.asp\">primary account numbers<\/a> (PANs).<\/li>\n\n\n\n<li>Implement an audit policy to ensure that logs are continuously inspected for suspicious activities.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">11. Regularly Test Security Systems and Processes<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft\u2019s November 2022 patch Tuesday included mitigations for a whopping <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/11\/update-now-microsofts-november-patch-tuesday-covers-a-lot-of-zero-days\">68 vulnerabilities<\/a>, 11 of which were critical. And this is just a tiny part of the <a href=\"https:\/\/www.cve.org\/\">over 189,000 vulnerabilities<\/a> actually listed on CVE website. Are your systems secure and <a href=\"https:\/\/owasp.org\/www-community\/vulnerabilities\/\">vulnerability-free<\/a><a href=\"https:\/\/owasp.org\/www-community\/vulnerabilities\/\"><\/a>? To reach compliance, you must:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Test your systems and processes for vulnerabilities at least every quarter using <a href=\"https:\/\/listings.pcisecuritystandards.org\/assessors_and_solutions\/approved_scanning_vendors?search=SISA#searchresult\">PCI DSS-approved scanning vendors<\/a>.&nbsp;<\/li>\n\n\n\n<li>If your organization falls into level 1 or 2, conduct <a href=\"https:\/\/www.cloudflare.com\/learning\/security\/glossary\/what-is-penetration-testing\/\">penetration test<\/a>s on your networks and applications at least once a year. A professional <a href=\"https:\/\/www.avast.com\/c-hacker-types\">white hat<\/a> can do it for you if you don\u2019t have the in-house resources.<\/li>\n\n\n\n<li><a><\/a>Implement a change-detection mechanism that\u2019ll automatically compare critical file versions. (Hint: some <a href=\"https:\/\/cheapsslsecurity.com\/blog\/decoded-examples-of-how-hashing-algorithms-work\/\">hashing algorithms<\/a> are great for this kind of task.)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">12. Maintain a Policy That Addresses Information Security For All Personnel<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This is the final step of the PCI DSS checklist: document and communicate your security policies for all systems, employees, and software dealing with card data.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create an information security policy, review it, and update it often.<\/li>\n\n\n\n<li>Train your staff \u2014 yes, all of them \u2014 at least once a year.<\/li>\n\n\n\n<li>Don&#8217;t forget any third parties that are somehow involved with card data. They should read, understand, and sign the policies, too.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">That\u2019s it! Checklist done! Ensure you tick all the boxes so that your organization will comply with PCI DSS. Why should you do it? The answer is below, keep on reading.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Before you go on though, let\u2019s have some fun and check out this entertaining video summarizing the 12 PCI DSS requirements in a song:<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"PCI Data Security Standards Rock\" width=\"770\" height=\"433\" src=\"https:\/\/www.youtube.com\/embed\/xpfCr4By71U?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Why Should Your Organization Care About It?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">According to the latest Insider Intelligence forecast, online card fraud losses will reach a colossal <a href=\"https:\/\/www.insiderintelligence.com\/newsroom\/index.php\/total-card-fraud-losses-to-surpass-12-billion-in-2022-as-fraud-continues-to-shift-online\/\">$10.16 billion<\/a> by 2024. But that&#8217;s just the tip of the iceberg. There are many other reasons why organizations should ensure that they&#8217;re PCI DSS compliant.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Bob, the protagonist of the short video below, learned it the hard way.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"PCI animation 01\" width=\"770\" height=\"433\" src=\"https:\/\/www.youtube.com\/embed\/eNMnnsnI0PU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Want a few more examples?<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Your organization will be more protected from data breaches and identity theft.<\/strong> You surely don\u2019t want to end up like Medibank. The recent data breach exposed <a href=\"https:\/\/www.theguardian.com\/technology\/2022\/dec\/02\/i-am-a-medibank-customer-am-i-affected-by-the-cyberattack-what-can-i-do-to-protect-myself\">9.7 million<\/a> existing and former customers\u2019 personal data. Vastaamo, a Finnish service provider, ended up even worse as <a href=\"https:\/\/www.computerweekly.com\/news\/252496227\/Hacked-Finnish-therapy-business-collapses\">it went bankrupt<\/a> three years after a data breach.<\/li>\n\n\n\n<li><strong>Being compliant with PCI DSS help you avoid fines and penalties.<\/strong> OK, the PCI SSC has no legal authority to enforce compliance or penalties. However, the credit card companies can and do. Terms and penalties\/fines vary depending on the companies. In 2020, Curry PC World (a British retailer) was hit with a penalty of <a href=\"https:\/\/www.consumerprivacyworld.com\/2020\/01\/ico-issues-fine-against-national-retailer-for-security-failings\/\">\u00a3500,000 (~$600,000) due to a breach<\/a> caused by insecure point-of-sale (POS) software.<\/li>\n\n\n\n<li><strong>Being compliant can help keep potential legal actions at bay.<\/strong> Got breached because you didn&#8217;t adhere to PCI DSS requirements? Your angry customers may decide to go legal. And if it happens \u2014 like in the case of CaptureRx, which was hit with 10 lawsuits \u2014 it may cost you <a href=\"https:\/\/healthitsecurity.com\/news\/capturerx-to-consider-filing-for-bankruptcy-if-4.75m-settlement-not-approved\">an arm and a leg<\/a>.<\/li>\n\n\n\n<li><strong>Compliance helps boost your reputation &amp; increase customers&#8217; trust in your organization.<\/strong> <a href=\"https:\/\/cpl.thalesgroup.com\/data-trust-index#download-popup\">21% of consumers<\/a> stopped doing business with companies that were targets of data breaches. By the way, did you know that PCI SSC offers <a href=\"https:\/\/www.pcisecuritystandards.org\/program_training_and_qualification\/badges\/\">digital badges<\/a> that you can add to your website and profile to promote your certifications?<\/li>\n\n\n\n<li><strong>It\u2019ll help you comply with other privacy and security regulations.<\/strong> Once you\u2019ve fulfilled all PCI DSS requirements, it\u2019ll be even easier to comply with regulations like <a href=\"https:\/\/gdpr.eu\/\">E.U.\u2019s General Data Protection Regulation<\/a> (GDPR), the <a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/privacy\/laws-regulations\/index.html\">Health Insurance Portability and Accountability Act<\/a> (HIPAA), and others. And those aren\u2019t optional, by the way!<\/li>\n\n\n\n<li><strong>It\u2019ll improve your organization\u2019s security posture.<\/strong> With cyber attacks <a href=\"https:\/\/blog.checkpoint.com\/2022\/10\/26\/third-quarter-of-2022-reveals-increase-in-cyberattacks\/\">increasing by 28% globally<\/a> in Q3 2022, every organization, even the smallest one, is scrambling to set up some kind of cybersecurity protection. Achieving PCI DSS compliance will put you on the right track. You can hit two birds with one stone by achieving compliance and enhanced security.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Aren\u2019t these reasons good enough to get compliant?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Final Thoughts on What PCI DSS Is<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In 2021, the Consumer Sentinel Network received an astonishing 1.4 million identity theft reports, making it customers\u2019 <a href=\"https:\/\/www.ftc.gov\/reports\/consumer-sentinel-network-data-book-2021\">top reported issue<\/a> of the year. Over 25% of those stolen data were used for credit card fraud.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The solution? Stop worrying and take action. Start leveraging the power of PCI DSS to protect your customers&#8217; payment data from cybercriminals now. Go over the goals and requirements listed in this article to determine what you&#8217;re still missing and identify areas where you can improve your cyber defenses. Spotted a gap in your defenses? Fix it by implementing the list of requirements above. For example, encrypt your customers&#8217; sensitive information at rest and in transit, and invest in <a href=\"https:\/\/cheapsslsecurity.com\/blog\/digital-signature-vs-digital-certificate-the-difference-explained\/\">digital certificates<\/a> and firewalls.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">By the way, did you know that the new version of the standards (PCI DSS v. 4.0) is now available? You have no time to go through the whole document? We&#8217;ve got you covered. In our second article of the series, we&#8217;ll give you a quick overview of the changes, to help you achieve compliance without grief. Check back for that post in the new couple of weeks!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In Q3 2022, data breaches surged by 70% compared to Q2 of the same year. How secure is your customers\u2019 credit card data? Learn what PCI DSS is and why it can be a precious ally in protecting your customers\u2019 most precious information and keeping your organization out of troubles&nbsp; In 2021, attackers stole the<\/p>\n","protected":false},"author":8,"featured_media":7879,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[417],"tags":[421,783,782],"class_list":["post-7869","post","type-post","status-publish","format-standard","has-post-thumbnail","category-cybersecurity","tag-featured","tag-payment-card-industry-data-security-standard","tag-pci-dss"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What Is PCI DSS? PCI Data Security Standards Meaning &amp; Overview<\/title>\n<meta name=\"description\" content=\"What Is PCI DSS? We&#039;ll break down the meaning of this data security standard &amp; explore why companies touching payment card data should care.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Is PCI DSS? PCI Data Security Standards Meaning &amp; Overview\" \/>\n<meta property=\"og:description\" content=\"What Is PCI DSS? We&#039;ll break down the meaning of this data security standard &amp; explore why companies touching payment card data should care.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/\" \/>\n<meta property=\"og:site_name\" content=\"Savvy Security\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cheapsslsecurities\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-08T19:45:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-12-08T21:00:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/what-is-pci-dss-feature.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Savvy Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sslsecurity\" \/>\n<meta name=\"twitter:site\" content=\"@sslsecurity\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Savvy Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"14 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/what-is-pci-dss-meaning-overview\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/what-is-pci-dss-meaning-overview\\\/\"},\"author\":{\"name\":\"Savvy Security\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#\\\/schema\\\/person\\\/1ce9a5743b7f25b5be6e4972864b4493\"},\"headline\":\"What Is PCI DSS? PCI Data Security Standards Meaning &#038; Overview\",\"datePublished\":\"2022-12-08T19:45:14+00:00\",\"dateModified\":\"2022-12-08T21:00:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/what-is-pci-dss-meaning-overview\\\/\"},\"wordCount\":2887,\"image\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/what-is-pci-dss-meaning-overview\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/what-is-pci-dss-feature.jpg\",\"keywords\":[\"featured\",\"Payment Card Industry Data Security Standard\",\"PCI DSS\"],\"articleSection\":[\"SMB Cybersecurity\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/what-is-pci-dss-meaning-overview\\\/\",\"url\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/what-is-pci-dss-meaning-overview\\\/\",\"name\":\"What Is PCI DSS? PCI Data Security Standards Meaning & Overview\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/what-is-pci-dss-meaning-overview\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/what-is-pci-dss-meaning-overview\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/what-is-pci-dss-feature.jpg\",\"datePublished\":\"2022-12-08T19:45:14+00:00\",\"dateModified\":\"2022-12-08T21:00:42+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#\\\/schema\\\/person\\\/1ce9a5743b7f25b5be6e4972864b4493\"},\"description\":\"What Is PCI DSS? We'll break down the meaning of this data security standard & explore why companies touching payment card data should care.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/what-is-pci-dss-meaning-overview\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/what-is-pci-dss-meaning-overview\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/what-is-pci-dss-meaning-overview\\\/#primaryimage\",\"url\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/what-is-pci-dss-feature.jpg\",\"contentUrl\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/what-is-pci-dss-feature.jpg\",\"width\":1600,\"height\":1000},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/what-is-pci-dss-meaning-overview\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Is PCI DSS? PCI Data Security Standards Meaning &#038; Overview\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/\",\"name\":\"Savvy Security\",\"description\":\"Practical cybersecurity advice\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#\\\/schema\\\/person\\\/1ce9a5743b7f25b5be6e4972864b4493\",\"name\":\"Savvy Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g\",\"caption\":\"Savvy Security\"},\"description\":\"Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24\\\/7 security teams.\",\"sameAs\":[\"blogadmin\"],\"url\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/author\\\/blogadmin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What Is PCI DSS? PCI Data Security Standards Meaning & Overview","description":"What Is PCI DSS? We'll break down the meaning of this data security standard & explore why companies touching payment card data should care.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/","og_locale":"en_US","og_type":"article","og_title":"What Is PCI DSS? PCI Data Security Standards Meaning & Overview","og_description":"What Is PCI DSS? We'll break down the meaning of this data security standard & explore why companies touching payment card data should care.","og_url":"https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/","og_site_name":"Savvy Security","article_publisher":"https:\/\/www.facebook.com\/cheapsslsecurities","article_published_time":"2022-12-08T19:45:14+00:00","article_modified_time":"2022-12-08T21:00:42+00:00","og_image":[{"width":1600,"height":1000,"url":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/what-is-pci-dss-feature.jpg","type":"image\/jpeg"}],"author":"Savvy Security","twitter_card":"summary_large_image","twitter_creator":"@sslsecurity","twitter_site":"@sslsecurity","twitter_misc":{"Written by":"Savvy Security","Est. reading time":"14 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/#article","isPartOf":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/"},"author":{"name":"Savvy Security","@id":"https:\/\/cheapsslsecurity.com\/blog\/#\/schema\/person\/1ce9a5743b7f25b5be6e4972864b4493"},"headline":"What Is PCI DSS? PCI Data Security Standards Meaning &#038; Overview","datePublished":"2022-12-08T19:45:14+00:00","dateModified":"2022-12-08T21:00:42+00:00","mainEntityOfPage":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/"},"wordCount":2887,"image":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/#primaryimage"},"thumbnailUrl":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/what-is-pci-dss-feature.jpg","keywords":["featured","Payment Card Industry Data Security Standard","PCI DSS"],"articleSection":["SMB Cybersecurity"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/","url":"https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/","name":"What Is PCI DSS? PCI Data Security Standards Meaning & Overview","isPartOf":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/#primaryimage"},"image":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/#primaryimage"},"thumbnailUrl":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/what-is-pci-dss-feature.jpg","datePublished":"2022-12-08T19:45:14+00:00","dateModified":"2022-12-08T21:00:42+00:00","author":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/#\/schema\/person\/1ce9a5743b7f25b5be6e4972864b4493"},"description":"What Is PCI DSS? We'll break down the meaning of this data security standard & explore why companies touching payment card data should care.","breadcrumb":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/#primaryimage","url":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/what-is-pci-dss-feature.jpg","contentUrl":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/what-is-pci-dss-feature.jpg","width":1600,"height":1000},{"@type":"BreadcrumbList","@id":"https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cheapsslsecurity.com\/blog\/"},{"@type":"ListItem","position":2,"name":"What Is PCI DSS? PCI Data Security Standards Meaning &#038; Overview"}]},{"@type":"WebSite","@id":"https:\/\/cheapsslsecurity.com\/blog\/#website","url":"https:\/\/cheapsslsecurity.com\/blog\/","name":"Savvy Security","description":"Practical cybersecurity advice","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cheapsslsecurity.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/cheapsslsecurity.com\/blog\/#\/schema\/person\/1ce9a5743b7f25b5be6e4972864b4493","name":"Savvy Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g","caption":"Savvy Security"},"description":"Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24\/7 security teams.","sameAs":["blogadmin"],"url":"https:\/\/cheapsslsecurity.com\/blog\/author\/blogadmin\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/posts\/7869","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/comments?post=7869"}],"version-history":[{"count":0,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/posts\/7869\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/media\/7879"}],"wp:attachment":[{"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/media?parent=7869"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/categories?post=7869"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/tags?post=7869"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}