The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data.
PA-DSS and PCI SSF define the security requirements and assessment procedures for software vendors of payment applications. The standard and framework applies to software vendors and applications participating in the authorization and settlement process.
The PCI 3DS standard defines physical and logical security requirements and assessment procedures for entities performing or providing 3DS functions. The PCI 3DS comprises a minimum set of requirements for protecting 3DS sensitive data, based on 14 principles structured into more than 200 requirements.
P2PE (and NESA) defines the requirements and testing procedures for point-to point-encryption (and non-listed encryption security). Encryption strengthens customer's account data from the point of interaction (within the encryption environment where account data is captured) to the point of decrypting that data inside the decryption environment, effectively removing clear-text account data between these two points. P2PE applies to P2PE solution providers, payment application vendors or component providers
P2PE component providers may validate the following service they provide:Encryption Management Services (EMS)
The PCI PIN Security standard contains a complete set of requirements for the secure management, processing and transmission of personal identification number (PIN) data during online and offline payments card transaction processing at ATMs and attended and unattended point-of-sale (POS) terminals.
The PCI TSP is a Payment Card Industry standard for entities providing services as a Tokenization Service Provider. A TSP is an entity that provides registered token requestors, such as merchants holding the card credentials, with ‘surrogate’ PAN (Primary Account Number) values (or ‘payment tokens’). These tokens can only be used in specific domains such as the merchant's website or more recently in pre-defined channels such as via a mobile device to make an NFC (near field communication) payment.
Tell us more about you and one of our experts will call you back