New Standards (Version 3.2.1)
PCI DSS Self-Assessments
All merchants should complete the self-assessment designated for their merchant category. Completing the appropriate self-assessment ensures that you fully understand your payment processes and operations, that you are educated on and held accountable for PCI policies and procedures, and that you identify and remediate any security flaws.
Category 1 - All credit card processing is outsourced.
Category 2 - Merchant only processes payments using a dial-up (copper phone line or cellular) terminal.
Category 3 - Merchant only processes payments using an IP terminal.
Category 4 - Merchant only processes payments using a web-based virtual terminal and does not store cardholder data electronically.
Category 5 - Merchant only processes payments using systems connected to the internet and has no electronic cardholder data storage.
Category 6 - Merchant stores electronic cardholder data.
Category P2PE - Merchants who only process payments using hardware payment terminals included in a validated and PCI SSC-listed PCI point-to-point encryption (P2PE) solution.
Category A-EP - E-commerce merchants that do not use URL redirection or an iFrame, but instead use Direct Post or JavaScript to interact with the payment gateway.
Category SPoC - Merchants who use software-based PIN entry on commercial off-the-shelf (COTS) devices, i.e. SPoC solutions.
PCI Data Security Standards Overview
The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security. These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step.
PCI Data Security Standard - High Level Overview:
- Build and Maintain a Secure Network
  - Install and maintain a firewall configuration to protect data
  - Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect Cardholder Data
  - Protect stored cardholder data
  - Encrypt transmission of cardholder