Thread: PCI Compliance Starter Kit

This thread is compiled to provide resources for those interested in learning more about PCI Compliance, the PCI-DSS standard, and other PCI related policies, directives, and regulations.

Definitions and Acronyms:
PCI: Payment Card Industry
The major credit card venders (American Express, Discover, Mastercard, Visa)

PCI-DSS: Payment Card Industry - Data Security Standard
Standards the credit card companies created to govern the acceptance and processing of credit card information that amust be followed by all merchants.

QSA: Qualified Security Assessor
A QSA is an organization and select employees who have received certification by the PCI to perform security audits to verify PCI compliance.

ASV: Approved Scanning Vendor
An ASV is an organization that receives certification by the PCI to perform vulnerability assessments of merchant stores and internet-facing environments.

SAQ: Self-Assessment Questionaire
There are four different versions (SAQ-A, SAQ-B, SAQ-C, SAQ-D) of the SAQ available for merchants depending on the amount of Credit Card information which is handled by their company

PII: Personally Identifiable Information
Information which can single out a specific person leading to potential identity theft.

Links:

PCI-DSS Standards

Self-Assessment Questionaires

This list will be updated as more information is gathered and is in no way complete. If you have any suggestions, please email them to me at tyler.thompson@webhostingbuzz.com

Thank you!