PCI DSS is the security standard that applies to any organization or merchant that accepts, transmits or stores credit card data. PCI compliance warrants close scrutiny by any organization's IT security team because fines for non-compliance can exceed tens or even hundreds of thousands of dollars.
The Payment Card Industry Data Security Standard, also known as PCI DSS, is a multi-faceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations protect the systems used to store, process or transmit cardholder data.
Information technology is at the core of compliance with this data security standard. IT professionals deploy, monitor, test and maintain the network components that support transactions involving cardholder data. Those components can be almost anything attached to the network, including servers, switches, routers, firewalls and applications.
The PCI Security Standards Council recommends that the parts of the network involved with cardholder data be isolated from the rest, which limits the portion of the network environment that is subject to the standard. Otherwise, an organization's entire network can fall within the scope of PCI DSS and, consequently, of the annual assessment.