(
Payment
Card
Industry
Data
Security
Standard) Security procedures from the PCI Security Standards Council for merchants that accept credit cards online. It includes guidelines for user authentication, firewalls, antivirus, encryption, truncating account numbers, programming maintenance and vulnerability testing.
The primary issue is the handling of customers' credit card numbers. To be PCI compliant, a merchant must provide strong encryption of the numbers for storage and transmission or use a third-party token service (see
token). For more information, visit www.pcisecuritystandards.org. The PCI DSS Quick Reference Guide is available at http://bit.ly/1aVst18. See
Qualified Security Assessor,
Internal Security Assessor and
Approved Scanning Vendor.