
Any company that processes, stores or transmits cardholder and transaction data (e.g. merchants, banks, processors and point-of-sale vendors) must comply with PCI DSS in order to maintain its membership status and remain authorized to accept credit cards.
Non-compliance may lead to penalty fines (up to $500,000 per data loss), restrictions and even permanent exclusion from card acceptance programs.
By extension, many businesses treat PCI DSS as the benchmark against which to secure their IT infrastructure as a whole.
The PCI Security Standards Council was formed by the major payment card companies including American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa to build an open global forum in which all participants can provide input into the ongoing development, enhancement, and dissemination of the PCI Data Security Standard (DSS) and other standards that increase payment data security.
The goal of PCI DSS is to enhance payment account data security best practices to protect sensitive cardholder information, reduce fraud and identify security issues that could be exploited by malicious users.
PCI DSS version 1.1 (issued in September 2006) adds a major requirement (requirement 6.6): protecting Web applications either by auditing their code or by deploying a Web application firewall.
This requirement is mandatory as of 30 June 2008 in order to obtain PCI DSS compliance.
As the leading Web Application Firewall vendor in Europe, Deny All has unique expertise in securing dynamic, rapidly changing applications. The company has helped large organizations comply with PCI DSS requirements and enhance their e-business with a global application delivery offering that includes proactive Web application security, Web infrastructure acceleration and architecture simplification.
The twelve PCI DSS requirements, grouped by control objective:

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data
Requirement 3: Protect stored cardholder data.
Requirement 4: Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software.
Requirement 6: Develop and maintain secure systems and applications.

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know.
Requirement 8: Assign a unique ID to each person with computer access.
Requirement 9: Restrict physical access to cardholder data.

Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data.
Requirement 11: Regularly test security systems and processes.

Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security.
Learn more about PCI-DSS
PCI-DSS Consortium:
https://www.pcisecuritystandards.org/
Full text of the standard:
https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml