"CDS has experienced PCI experts that help and support merchants to complete PCI compliance in a simple and easy way"


It is the key standard for helping merchants to protect cardholder data and describes the technical and operational system components that are part of or connected to cardholder data. It is also structured by six goals that include 12 related requirements as follows.

Build and Maintain a Secure Network

1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data

3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software or programs.
6. Develop and maintain secure system and applications.

Implement Strong Access Control Measures

7. Restrict access to cardholder data by business need to know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.

Maintain an Information Security Policy

12. Maintain a policy that addresses information security for all personnel.

Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards. Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls around cardholder data to reduce credit card fraud via its exposure. Validation of compliance is done annually — by an external Qualified Security Assessor (QSA) that creates a Report on Compliance (ROC) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) and Quarterly Network Scan for companies handling smaller volumes.

Payment Card Industry Data Security Council

Founded in 2006 by the major card brands including American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc, PCI SSC develops, manages, educates, and raises awareness of the three PCI standards and provides documents and information to help organizations implement PCI cardholder data.