Volume 1 - A Business Case for the PCI DSS (PCI DSS 4.0 edition)
- 1.1 Volume Introduction
- 1.2 Why PCI DSS?
- 1.2.1 The value of card information
- 1.2.2 The costs of PCI DSS
- 1.3 How We Got Here - An Oversimplified History of the Payment Card Industry (PCI)
- 1.3.1 Credit in ancient times?
- 1.3.2 Development of the financial industry in the USA
- 1.3.3 The credit card era
- 1.3.4 Credit card and the internet - or the automated fraud era
- 1.3.5 Government Reaction to Accounting Scandals and Industry Reaction
- 1.4 Who should care about the PCI DSS?
- 1.4.1 The payment card model
- 1.4.2 Anatomy of payment card transactions
- 1.4.3 Clearing and Settlement
- 1.5 So what exactly is PCI DSS?
- 1.5.1 PCI DSS and the PCI SSC
- 1.5.2 Defining the PCI DSS?
- 1.5.3 PCI DSS at a high-level
- 1.5.4 High-level overview of other PCI standards
- 1.5.4.1 Issuer Standards
- 1.5.4.2 Software Security Standards
- 1.5.4.3 Device Security Standards
- 1.5.4.4 Payment Device and COTS (Commercial off the Shelf) Devices (aka mobile phones)
- 1.6 How should PCI DSS compliance be addressed?
- 1.6.1 Fort Knox or the ‘castle’ metaphor
- 1.6.2 New security paradigm: zero trust
- 1.7 Demonstrating PCI DSS compliance
- 1.7.1 RoC vs SAQ (and AoC)
- 1.7.2 Merchant Compliance
- 1.7.3 Service Provider Compliance
- 1.7.4 Other compliance - issuers, acquirers
- 1.8 Where do we go from here? The evolution of the PCI DSS standard
- 1.8.1 Early PCI DSS versions: versions 1.0, 1.1, 1.2 and 1.2.1
- 1.8.2 PCI DSS 2.0
- 1.8.3 PCI DSS 3.0 and 3.1
- 1.8.4 PCI DSS Designated Entities Supplemental Validation (DESV)
- 1.8.5 PCI DSS 3.2
- 1.8.6 PCI DSS 3.2.1
- 1.8.7 PCI DSS 4.0
- 1.8.7.1 PCI DSS 4.0 - New terminology (Glossary)
- 1.8.7.2 PCI DSS 4.0 Structural changes
- 1.8.7.3 PCI DSS 4.0 Major Requirement Changes
- 1.9 Where do we go from here? Learning from failures
- 1.10 Parting thoughts for PCI DSS 4.0 version (Summer 2022)
- End Notes - Volume 1