PCI DSS Implementation Guide

This guide describes how to implement the Layer7 API Gateway in a way that is compliant with version 2.0 of the Payment Card Industry Security Standards Council’s Data Security Standards (PCI DSS).
Merchants and network operators are responsible for implementing their own Payment Card Industry Data Security Standards (PCI DSS) compliant environment. This guide helps you install, configure, and maintain your Layer7 API Gateway to best ensure it is PCI DSS compliant.
PCI DSS Compliance and Validation
In 2006, American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International formed the Payment Card Industry Security Standards Council. The main purpose of the council is to produce and maintain the Data Security Standard (DSS), a set of rules and requirements that, when followed, help prevent fraud, hacking, and other threats to private cardholder data.
You can review the complete specification at: https://www.pcisecuritystandards.org/
The PCI Security Standards Council is not a compliance organization. It does not require compliance, but individual payment networks may. Visa, for example, requires compliance with the PCI DSS, and you must complete validation based on the annual transaction volume processed.
Only a qualified security assessor can validate your PCI compliance. For a current list of assessors, visit:
https://www.pcisecuritystandards.org/assessors_and_solutions/qualified_security_assessors
SPIGuard Inc. performed the compliance examination for CA Technologies.