Back to books home

Volume 1 - A Business Case for the PCI DSS

  • 1.1 Volume Introduction
  • 1.2 Why PCI DSS?
    • 1.2.1 The value of card information
    • 1.2.2 The costs of PCI DSS
  • 1.3 How We Got Here - An Oversimplified History of the Payment Card Industry (PCI)
    • 1.3.1 Credit in ancient times?
    • 1.3.2 Development of the financial industry in the USA
    • 1.3.3 The credit card era
    • 1.3.4 Credit card and the internet - or the automated fraud era
    • 1.3.5 Government Reaction to Accounting Scandals and Industry Reaction
  • 1.4 Who should care about the PCI DSS?
    • 1.4.1 The payment card model
    • 1.4.2 Anatomy of payment card transactions
    • 1.4.3 Clearing and Settlement
  • 1.5 So what exactly is PCI DSS?
    • 1.5.1 PCI DSS and the PCI SSC
    • 1.5.2 Defining the PCI DSS?
    • 1.5.3 PCI DSS at a high-level
    • 1.5.4 High-level overview of other PCI standards
      • 1.5.4.1 Issuer Standards
      • 1.5.4.2 Software Security Standards
      • 1.5.4.3 Device Security Standards
      • 1.5.4.4 Payment Device and COTS (Commercial off the Shelf) Devices (aka mobile phones)
  • 1.6 How should PCI DSS compliance be addressed?
    • 1.6.1 Fort Knox or the ‘castle’ metaphor
    • 1.6.2 New security paradigm: zero trust
  • 1.7 Demonstrating PCI DSS compliance
    • 1.7.1 RoC vs SAQ (and AoC)
    • 1.7.2 Merchant Compliance
    • 1.7.3 Service Provider Compliance
    • 1.7.4 Other compliance - issuers, acquirers
  • 1.8 Where do we go from here? The evolution of the PCI DSS standard
    • 1.8.1 Early PCI DSS versions: versions 1.0, 1.1, 1.2 and 1.2.1
    • 1.8.2 PCI DSS 2.0
    • 1.8.3 PCI DSS 3.0 and 3.1
    • 1.8.4 PCI DSS Designated Entities Supplemental Validation (DESV)
    • 1.8.5 PCI DSS 3.2
    • 1.8.6 PCI DSS 3.2.1
    • 1.8.7 PCI DSS 4.0
      • 1.8.7.1 PCI DSS 4.0 - New terminology (Glossary)
      • 1.8.7.2 PCI DSS 4.0 Structural changes
      • 1.8.7.3 PCI DSS 4.0 Major Requirement Changes
  • 1.9 Where do we go from here? Learning from failures
  • 1.10 Parting thoughts for PCI DSS 4.0 version (Summer 2022)
  • End Notes - Volume 1