Overview of Various PCI SSC Security Standards

PCI SSC maintains various PCI standards, supporting programs, and related documentation. PCI Security Standards are developed specifically to protect payment account data throughout the payment lifecycle.

  1. PCI DSS (Payment Card Industry Data Security Standard): PCI DSS covers the security of environments that store, process, or transmit account data. Its scope includes environments that receive account data from payment applications and other sources, such as acquirers. Generally applicable to merchants, service providers, and any payment solution provider.
  2. PCI Secure Software Standard (3S): The Secure Software Standard defines a set of security requirements to help ensure that payment software adequately protects the integrity and confidentiality of payment transactions and data. It includes a set of "core" requirements that apply to all types of payment software submitted for validation under the PCI Software Security Framework, regardless of the software's functionality or underlying technology. Generally applicable to payment software vendors who sell their payment software to customers as an off-the-shelf product.
  3. PCI Secure Software Lifecycle: The PCI Secure Software Lifecycle (Secure SLC) Requirements provide a baseline and guidance to help payment software vendors design, develop, and maintain secure payment software throughout the software lifecycle. Generally applicable to software development vendors who develop payment software on behalf of their customers.
  4. PCI 3DS (Three Domain Secure): This standard applies to entities that perform the 3DS Server (3DSS), 3DS Directory Server (DS), and 3DS Access Control Server (ACS) functions. 3DS is a messaging protocol that lets cardholders perform multi-factor authentication with their card issuer when making online purchases / e-commerce transactions. Generally applicable to acquirers (merchant banks) and issuers (cardholders' banks).
  5. PA-DSS (Payment Application Data Security Standard): PCI PA-DSS covers secure payment applications in support of PCI DSS compliance. The scope of PA-DSS begins when a payment application receives account data from cardholder-interface devices, such as point-of-sale terminals or other devices, and starts the payment transaction. However, PA-DSS has been replaced by the PCI Software Security Framework. Generally applicable to payment application vendors who sell their application as an off-the-shelf product.
  6. PCI PTS - POI (Payment Card Industry PIN Transaction Security - Point of Interaction): The PCI PTS - POI standard covers device tamper detection, cryptographic processes, and other mechanisms used to protect the PIN and other sensitive data, such as cryptographic keys. Generally applicable to device manufacturers.
  7. PCI PTS - PIN (Payment Card Industry PIN Transaction Security - Personal Identification Number): The PCI PTS - PIN standard covers the secure management, processing, and transmission of personal identification number (PIN) data during online and offline payment card transaction processing. Generally applicable to device manufacturers.
  8. PCI PTS - HSM (Payment Card Industry PIN Transaction Security - Hardware Security Module): The PCI PTS - HSM standard covers the design of hardware security modules and the secure protection of those devices until they are deployed. Generally applicable to HSM device manufacturers.
  9. PCI P2PE (Payment Card Industry Point-to-Point Encryption): PCI P2PE covers secure encryption, decryption, and key management for point-to-point encryption solutions. The requirements for a P2PE solution vary depending on the deployment environment and the technologies used in a specific implementation. Generally applicable to service providers offering end-to-end encryption solutions to their merchants.
  10. PCI Contactless Payments on COTS (CPoC): PCI Contactless Payments on COTS (CPoC) solutions enable contactless payment acceptance on a merchant's consumer off-the-shelf device using its embedded near-field communication (NFC) interface. The PCI SSC listing of validated CPoC solutions is a resource for merchants and acquirers to use when selecting a solution. Generally applicable to PIN on Mobile solution providers.
  11. PCI Software-Based PIN Entry on COTS (SPoC): Also known as PIN on Mobile. This standard provides requirements for developing secure solutions that enable EMV contact and contactless transactions with PIN entry on consumers' mobile devices, using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP). Generally applicable to PIN on Mobile solution providers.

Stay tuned for more information and updates on payment security!
