By James H. Reinholm

August 31, 2015

This article discusses how the security protection of payment card data used in a transaction can be maximized by integrating PCI DSS with EMV technology.

References:

PCI DSS Applicability in an EMV Environment - A Guidance Document (2010), PCI Security Standards Council, https://www.pcisecuritystandards.org/pdfs/pci_dss_emv.pdf

Increasing Security and Reducing Fraud with EMV Chip and PCI Standards, PCI Security Standards Council, https://www.pcisecuritystandards.org/pdfs/PCI-EMV-Final1.pdf

Payment Card Industry (PCI) - Requirements and Security Assessment Procedures - Version 3.0 (2013), PCI Security Standards Council, https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf

Payment Card Industry (PCI) Data Security Standard Glossary, Abbreviations and Acronyms (2015), PCI Security Standards Council, https://de.pcisecuritystandards.org/security_standards/glossary.php

What is the PCI DSS?

The PCI DSS (Payment Card Industry Data Security Standard) was developed to provide a standard set of technical and operational requirements for the protection of cardholder data throughout the transaction process, including storage, processing and transmission. The standard is designed to regulate, enhance, and encourage cardholder data security, and applies to all system components involved in processing a payment card transaction, including servers, network devices, computing devices, and applications. It also applies to anything or anyone connected to this system. Together these make up the cardholder data environment (CDE): the people, processes, and technologies that handle cardholder data and/or sensitive authentication data in any way. Examples of CDE users include merchants, acquirers, issuers, financial institutions, and service providers. An organization that outsources its payment operations to a third-party service provider should make sure the provider protects all account data in accordance with the applicable PCI DSS requirements.

The PCI DSS Standard uses two methods to achieve its security objectives:

Will the PCI DSS regulations be adequate for data security?