PCI DSS ( Payment Card Industry Data Security Standard ) is a security standard that consists of requirements necessary to protect sensitive information on credit and debit cards. It is mandatory for all companies that accept, process or transmit credit or debit card data to maintain a secure environment.

PCI SSC (Payment Card Industry Security Standards Council) was launched in 2006 to manage and improve the security of online payments. All the major payment card brands (Visa, MasterCard, American Express, Discover, and JCB) established this council as an autonomous body.

PCI SSC proposes 12 requirements as a set of rules that companies have to follow to maintain a safe environment. These are the requirements:

1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use system passwords and other default security parameters provided by vendors.
3. Protect stored data of cardholders.
4. Encrypt cardholder data and confidential information transmitted over open public networks.
5. Use and regularly update antivirus software.
6. Develop and maintain secure systems and applications.
7. Restrict access to data based on the official’s need to know the information.
8. Assign a unique identification to each person who has access to a computer.
9. Restrict physical access to cardholder data.
10. Track access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that includes information security