The Payment Card Industry Data Security Standard (PCI DSS) is a highly prescriptive technical standard, which is aimed at the protection of debit and credit card details, which is referred to within the payments industry as cardholder data. The objective of the standard is to prevent payment card fraud, by securing cardholder data within organizations that either accept card payments or are involved in the handling of cardholder data. PCI DSS consists of 12 sections of requirements, and usually, responsibility for compliance rests with IT infrastructure support. PCI DSS requirement 6, however, breaks down into 28 individual requirements and sits squarely with software developers involved in the development of applications that process, store, and transmit cardholder data. PCI compliance heavily revolves around IT services. IT-focused compliance managers that are tasked with achieving compliance within organizations, often lack the required software developer knowledge and experience to help assure that the application development meets the arduous requirements of PCI DSS. Follow along to read a developer's perspective to complying with PCI DSS requirements.
Written for IBM developerWorks