Information on Payment Card Industry (PCI) standards including PCI DSS since 2015

The Payment Card Industry (PCI) standards maintained by the PCI SSC have the stated goal of protecting card information. My experience is that most users can interpret most individual requirements, but lack the overall structured approach (the big picture) to meeting the standard's intent. The recent update to PCI DSS 4.0 includes major rewriting of individual requirements, which should help this somewhat. Still, as it is a complex standard, additional guidance can help.

What started as an idea in 2014 to provide, through books, the guidance on PCI DSS that was sorely missing has grown, and should continue to grow, to provide more information and tools based on my experience servicing a variety of clients.

Books

This site will provide PCI resources to the community, starting with a series of volumes in paper and digital formats (books) explaining the various facets of the PCI DSS, the main standard maintained by the PCI SSC. Links to other valuable resources will also be provided within each page.

The books can be purchased on the Amazon Kindle store* or the Apple iBooks store (for iPad, iPhone and Mac computers).

The scoping model and approach I use is available here (for free under a Creative Commons license) and further described and detailed in volume 2.

*Note: Amazon Kindle is a platform and not just a physical reader device. Kindle reader applications exist for iPhone/iPad, Android, PC, Mac, and even on the web.

Tools

A large part of my background, on top of information security, is software engineering and application development. This means that when I cannot find a tool (commercial or open source), I can roll my own. This provides

NetBehave

Note: A migration and redesign of this website is underway and expected to be completed in September 2022. Expect style changes and much more information shortly. Stay tuned.

In the near future, I hope to provide a French version of this site's content.

In the near future, I hope to provide this same content in Spanish.