{"id":8930,"date":"2023-04-06T13:42:18","date_gmt":"2023-04-06T11:42:18","guid":{"rendered":"https:\/\/usd.formwandler.rocks\/pci-dss-was-sie-wissen-sollten\/"},"modified":"2023-04-06T13:42:46","modified_gmt":"2023-04-06T11:42:46","slug":"news-what-is-pci-dss","status":"publish","type":"post","link":"https:\/\/www.usd.de\/en\/news-what-is-pci-dss\/","title":{"rendered":"PCI DSS \u2013 What You Need to Know"},"content":{"rendered":"\n<p><em>In this short series we provide you with useful facts about the Payment Card Industry Data Security Standard. Be well informed on your PCI DSS certification.<\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Part 1: What is the Payment Card Industry Data Security Standard?<\/h3>\n\n\n\n<p>Payment card data is a very sought-after target for cyber criminals. In many cases, it can easily be stolen, especially from smaller companies, and turned into money with relatively little effort. Whether the attacks are carried out by professional hackers or malicious insiders: the criminals are usually highly organized, and the business with stolen payment card information is flourishing.<\/p>\n\n\n\n<p>Discovery of theft of payment card information initially leads to a series of costly investigations. These investigations are followed by claims for damages and penal fines. Finally, publication of the incident by the press results in a loss of reputation from which a company can only recover with great effort. 
Customer confidence dwindles and your business suffers lasting damage.<\/p>\n\n\n\n<p>This is why in October 2004, the payment card industry founded the\u00a0<a href=\"https:\/\/www.pcisecuritystandards.org\/\" target=\"_blank\" rel=\"noopener\">Payment Card Industry Security Standards Council (PCI SSC)<\/a>\u00a0which developed the globally valid\u00a0<strong>Payment Card Industry Data Security Standard (PCI DSS)<\/strong>\u00a0by standardizing the security guidelines of the individual payment card schemes.<\/p>\n\n\n\n<p>The PCI DSS is based on best practices and is continuously updated to counter current threats. It provides the basis for a standardized approach to protecting payment card data and includes both technical and organizational measures. If these measures are implemented, their combined effects provide a minimum level of security for payment card data.<\/p>\n\n\n\n<p>Validating your company\u2019s compliance with the PCI DSS can significantly influence the question of liability if a case of payment card theft is detected. However, you must provide evidence that you had implemented and complied with all measures specified by the PCI DSS at the time of the incident.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The Main Target of Cyber Criminals<\/h3>\n\n\n\n<p>The number one target for cyber criminals is not the physical cards themselves, but the payment card&nbsp;<em>data<\/em>. Criminals are particularly interested in stealing these types of data:<\/p>\n\n\n\n<p>\u2022 Cardholder name<br>\u2022 Expiry date<br>\u2022 Credit card number (PAN)<br>\u2022 Verification code (CVC2\/CVV2\/\u2026)<\/p>\n\n\n\n<p>This data is either printed on the card or stored on the chip and the magnetic strip. Once in possession of this data, criminals can make payments at the cardholder\u2019s expense \u2013 e.g. on the internet. 
In some cases, the payment card number alone (without card verification code) is sufficient to make a purchase.<\/p>\n\n\n\n<p>Credit card thieves often sell stolen data on to others, e.g. through an organized black market for stolen credit card data on the internet. The criminals are usually highly organized and operate internationally. Since it is almost impossible to trace their activities, their risk of being caught is relatively low.<\/p>\n\n\n\n<p><strong>The measures imposed by the PCI DSS focus on securing potential attack channels and therefore offer a significant level of protection for payment card data.<\/strong><\/p>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">PCI DSS v4.0 is here<\/h3>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<p>On March 31, 2022, the\u00a0<a href=\"https:\/\/de.pcisecuritystandards.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">PCI Security Standards Council<\/a>\u00a0(PCI SSC) published\u00a0<a href=\"https:\/\/www.usd.de\/en\/pci-security-services\/pci-dss-v4-0\/\">version 4.0 of PCI DSS<\/a>\u00a0- the most comprehensive update of the security standard for credit card data ever. 
As of March 31, 2024, PCI DSS v4.0 will completely replace the previous version 3.2.1.\u00a0<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.usd.de\/en\/one-year-until-pci-dss-v4-0-becomes-mandatory\/\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"589\" src=\"https:\/\/www.usd.de\/wp-content\/uploads\/\/usd-ag-news-update-pci-4.0-1024x589.jpg\" alt=\"\" class=\"wp-image-32330\" \/><\/a><\/figure>\n<\/div>\n<\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<p>Do you have any questions about the PCI DSS or your PCI DSS compliance validation?\u00a0<a href=\"https:\/\/www.usd.de\/en\/contact-form-pci\/\"><strong>Contact us<\/strong><\/a>, we are happy to help.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this short series we provide you with useful facts about the Payment Card Industry Data Security Standard. Be well informed on your PCI DSS certification. Part 1: What is the Payment Card Industry Data Security Standard? Payment card data is a very sought-after target for cyber criminals. 
In many cases, it can easily be [&hellip;]<\/p>\n","protected":false},"author":96,"featured_media":8928,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"categories":[373,394],"tags":[413,437,439,479,440,478],"class_list":["post-8930","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-en","category-pci-en","tag-cyber-security-en","tag-payment-security-2","tag-payment-security-en","tag-pci-certification","tag-pci-dss-en","tag-pci-zertifizierung-en"],"_links":{"self":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/8930","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/comments?post=8930"}],"version-history":[{"count":0,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/8930\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media\/8928"}],"wp:attachment":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media?parent=8930"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/categories?post=8930"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/tags?post=8930"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}