Sunday, November 28, 2010

Adventures in PCI DSS Compliance

I've been reviewing the Payment Card Industry Data Security Standard (PCI DSS) for purposes of obtaining compliance. The standard includes 12 requirements for any business that stores, processes or transmits payment cardholder data.

One of the first things I looked at was the documentation requirements placed upon an organization. What I found is both interesting and likely a source of confusion for many organizations.