Payment Card Industry Data Security Standard (PCI DSS) in Retail industry

ISACA

VISA

Mastercard

PCI Security Standards Council

PCI Level 1 Compliance

PCI Level 2 Compliance

PCI Level 3 Compliance

PCI Level 4 Compliance

A documented change management process that includes change authorization, review and testing

Enforce strict user authentication controls

encrypted data transmission when transferring cardholder data

Restrict physical access to cardholder data

VISA

Discover

MasterCard

PayPal

Secure stored cardholder data

Build and maintain a secure network

Restrict physical access to cardholder data

Ensure a malware-free environment

Nine PCI DSS requirements are followed

Sixteen PCI DSS requirements are followed

Twelve PCI DSS requirements are followed

Twenty PCI DSS requirements are followed

Unique ID for each person with computer access

Define the roles and responsibilities of those accessing cardholder data

Restrict physical access to cardholder data

Review logs for all system components

Perform regular vulnerability scans

Conduct full review of policies, procedures, and processes

Implement an annual internal audit and review

Organize a Service Level Agreement with the customer's bank

Protect stored cardholder data

Ensure appropriate usage of encryption

Provide tracking and monitoring of all access to cardholder data

Track and monitor all access by external parties

All credit card associated applications must use strong encryption

All online shopping applications must be regularly scanned for security vulnerabilities

All applications must include a payment data protection agreement

All paymentcard-related applications must be documented