PCI DSS Implementation Guide
This guide describes how to implement the Layer7 API Gateway in a way that is compliant with version 2.0 of the Payment Card Industry Security Standards Council’s Data Security Standards (PCI DSS).
Merchants and network operators are responsible for implementing their own Payment Card Industry Data Security Standards (PCI DSS) compliant environment. This guide helps you install, configure, and maintain your Layer7 API Gateway to best ensure it is PCI DSS compliant.
PCI DSS Compliance and Validation
In 2006, American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International formed the Payment Card Industry Security Standards Council. The main purpose of the council is to produce and maintain the Data Security Standard (DSS), a set of rules and requirements that, when followed, help prevent fraud, hacking, and other threats to private cardholder data.
You can review the complete specification at: https://www.pcisecuritystandards.org/
The PCI Security Standards Council is not a compliance organization. The council itself does not require compliance, but individual payment networks may. Visa is one such example: it requires compliance with the PCI DSS, and you must complete validation based on the annual transaction volume processed.
A qualified security assessor is the only one who can validate your PCI compliance. For a current list of assessors, visit:
SPIGuard Inc. performed the compliance examination for CA Technologies.