The Payment Card Industry Data Security Standard (PCI DSS) is a set of rules that dictates what data must be protected and the steps that must be taken to protect it, for organizations involved with financial transactions. This does not just mean banks and finance businesses; it means any organization that handles money in any way – basically every business!
Transaction data covered under PCI DSS can expose legitimate owners to theft and financial loss. This can be through unauthorized transactions undertaken on the card itself, or through identity theft, which can have larger implications and costs.
In this section, we will be identifying the data elements that are protected under PCI DSS and the actions required by the standard. This is specifically referred to in topics 3.7a and 3.8 of the 210–255 topic list:
3.7 Map data types to these compliance frameworks
3.7.a PCI
3.8 Identify data elements that must be protected with regards to a specific standard (PCI DSS)
We will separate the section into two parts: the data elements that are protected under PCI DSS and the actions required.