(
Payment
Card
Industry
Data
Security
Standard) Security procedures from the PCI Security Standards Council for merchants that accept credit cards online. PCI DSS includes guidelines for user authentication, firewalls, antivirus, encryption, truncating account numbers, programming maintenance and vulnerability testing.
The primary issue is the handling of customers' credit card numbers. To be PCI compliant, a merchant must provide strong encryption of the numbers for storage and transmission or use a third-party token service (see
token). See
Qualified Security Assessor,
Internal Security Assessor and
Approved Scanning Vendor.