8 PCI DSS questions every CISO should be able to answer

Any organization that processes credit card payments risks large fines and loss of their merchant accounts if they are not PCI DSS compliant when a breach occurs. Here's what CISOs need to know.


At the end of this year, the Payment Card Industry Data Security Standard (PCI DSS) is expected to get an upgrade to version 4.0. It has been around since 2001 and isn't getting as much attention in the news as newcomers like the European General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).

PCI DSS is very much relevant and applies to every company that accepts card payments, both online and offline. Here are the questions that CSOs are most likely to face when it comes to PCI.

What is PCI DSS?

PCI DSS is a standard backed by all the major credit card brands and payment processors that is designed to protect credit card numbers. It specifies a set of cybersecurity controls and business practices and requires either self-assessments or external audits. The amount of reporting required varies with company size.

"The benefit to the merchant, service provider and their customers is an increased focus on data security," says David Ames, principal in the cybersecurity and privacy practice at PricewaterhouseCoopers.

