PCI Standard – Overview

Tips PCI definitions

The PCI standards use different terms and acronyms; in this post I will explain them.

PCI DSS: Covers security of the environments that store, process, or transmit account data.

  • Environments receive account data from Payment Applications and other sources (Acquirers).

PCI PA-DSS: Covers secure payment applications to support PCI DSS compliance.

  • The Payment Application receives account data from PIN-Entry devices (PEDs) or other devices and begins the payment transaction.

PCI P2PE: Covers encryption, decryption, and key management requirements for point-to-point encryption solutions.

PCI PTS – POI: Covers the protection of sensitive data at point-of-interaction devices and their secure components, including cardholder PINs and account data, and the cryptographic keys used in connection with the protection of that cardholder data.

PCI PTS – PIN Security: Covers secure management, processing and transmission of personal identification number (PIN) data during online and offline payment card transaction processing.

PCI PTS – HSM: Covers physical, logical and device security requirements for securing Hardware Security Modules (HSMs).

PCI Card Production: Covers physical and logical security requirements for systems and business processes associated with card personalization, PIN generation, PIN mailers, and card carriers and distribution.